The win/virut.ce virus: who can rid me of it and its misery ..?

Thread in 'Computer Problems and Solutions Forum' by Y-A-S, on December 26, 2009.

  1. Y-A-S

    Y-A-S, Distinguished Zyzoom Member

    Joined: May 7, 2009
    Posts: 327
    Likes: 2
    Trophy points: 390
    Location: KSA
    Security software: Kaspersky
    Operating system: Windows XP


    Peace be upon you


    Guys, this virus has worn me out, may God paralyze whoever made it .. :no:

    It refuses to go away .. I tried Avira, the Kaspersky tools and McAfee .. and I tried the ComboFix tool and Malwarebytes ..

    Yesterday I tried the program Norman Malware Cleaner, and it was catching the virus, but the program hangs and the scan stops ..

    I disabled System Restore ...

    Honestly I am exhausted, and Zyzoom is my last hope :bleh:
     
  2. MAAX

    MAAX, Honorary Member

    Joined: July 25, 2007
    Posts: 46,402
    Likes: 2,660
    Trophy points: 1,170
    Gender: Male
    Location: Close to you
    Security software: Kaspersky
    Operating system: Windows 7

    Welcome
    Download this program
    www.zyzoom.net/shswelh/Zyzoom_HijackThis.exe
    Then close all programs, especially Internet Explorer and Messenger
    Run the program ==> and click on
    Do a system scan and save log
    In a few moments a report will open in Notepad ==> copy it and paste it in your next reply

    Last edited by a moderator: May 12, 2014
  3. Y-A-S

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:28:19 ص, on 26/12/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\DOCUME~1\DRCOMP~1\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Paltalk Messenger\paltalk.exe
    C:\Documents and Settings\Dr computer\سطح المكتب\Virus Removal Tool1\setup_9.0.0.722_25.12.2009_11-11\setup_9.0.0.722_25.12.2009_11-11.exe
    c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    C:\Documents and Settings computer\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\K-Lite Codec Pack\Real\rpbrowserrecordplugin.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - Startup: setup_9.0.0.722_25.12.2009_11-11.lnk = ?
    O4 - Startup: _uninst_setup_9.0.0.722_16.12.2009_22-41.exe.lnk = C:\Documents and Settings\computer\Local Settings\temp\_uninst_setup_9.0.0.722_16.12.2009_22-41.exe.bat
    O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
    O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\WINDOWS\System32\DreamScene.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    --
    End of file - 7923 bytes
     
  4. MAAX

    Disable your protection software
    then
    download the following tool and save it to the desktop
    [IMG]
    When you run it, a message will appear; click >> Yes
    After that a second message will appear; click >> Yes
    The computer may restart during the scan
    After the restart, the tool will begin scanning a second time
    Do not run any program, and however long the scan takes, wait until it finishes
    Wait until a report appears, then copy it and paste it in your next post
     
  5. Y-A-S

    ComboFix 09-12-26.01 - computer 12/26/2009 2:49.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.502.212 [GMT 3:00]
    Running from: c:\documents and settings\ computer\My Documents\Downloads\Programs\ComboFix.exe
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    ((((((((((((((((((((((((( Files Created from 2009-11-25 to 2009-12-25 )))))))))))))))))))))))))))))))
    .
    2009-12-25 23:05 . 2009-10-22 09:54 37392 ----a-w- c:\windows\system32\drivers\33535302.sys
    2009-12-25 23:05 . 2009-10-09 19:31 315408 ----a-w- c:\windows\system32\drivers\3353530.sys
    2009-12-25 23:05 . 2009-09-25 13:59 128016 ----a-w- c:\windows\system32\drivers\33535301.sys
    2009-12-25 23:04 . 2009-12-25 23:06 -------- d-----w- c:\windows\LastGood
    2009-12-25 23:00 . 2009-12-25 23:00 720896 ----a-w- c:\windows\iun6002.exe
    2009-12-25 23:00 . 2009-12-25 23:00 -------- d-----w- c:\program files\Abadisoft
    2009-12-25 11:13 . 2009-12-25 11:13 -------- d-----w- c:\documents and settings\ computer\Application Data\dvdcss
    2009-12-25 00:53 . 2009-12-25 00:53 -------- d-----w- c:\documents and settings\tazebama.dl_
    2009-12-24 21:40 . 2009-12-25 11:45 -------- d-----w- c:\documents and settings\ computer\Application Data\vlc
    2009-12-24 21:39 . 2009-12-24 21:39 -------- d-----w- c:\program files\VideoLAN
    2009-12-24 21:37 . 2009-12-24 21:37 -------- d-----w- c:\documents and settings\ computer\Application Data\Apple Computer
    2009-12-24 21:34 . 2009-12-24 21:35 -------- d-----w- c:\program files\QuickTime
    2009-12-24 21:34 . 2009-12-24 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-12-24 21:34 . 2009-12-24 21:34 -------- d-----w- c:\documents and settings\ computer\Local Settings\Application Data\Apple
    2009-12-24 21:33 . 2009-12-24 21:33 -------- d-----w- c:\program files\Apple Software Update
    2009-12-24 21:33 . 2009-12-24 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2009-12-24 21:33 . 2009-12-24 21:33 -------- d-----w- c:\documents and settings\ computer\Local Settings\Application Data\Apple Computer
    2009-12-24 04:02 . 2009-12-24 04:02 -------- d-----w- c:\documents and settings\ computer\DoctorWeb
    2009-12-24 00:36 . 2009-12-24 00:36 -------- d-----w- c:\program files\Gyrus Solutions
    2009-12-23 01:14 . 2009-12-23 01:16 1218973 ----a-w- c:\documents and settings\ computer\Application Data\IDM\DwnlData\computer\sdsetup_6\sdsetup.exe
    2009-12-22 23:54 . 2009-12-22 23:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-12-22 00:13 . 2009-12-22 00:13 -------- d--h--w- c:\windows\PIF
    2009-12-22 00:07 . 2009-12-22 00:07 198064 ----a-w- c:\documents and settings\computer\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
    2009-12-22 00:07 . 2009-12-25 23:58 -------- d-----w- c:\documents and settings\computer\Application Data\DMCache
    2009-12-22 00:07 . 2009-12-23 01:14 -------- d-----w- c:\documents and settings\computer\Application Data\IDM
    2009-12-21 11:04 . 2009-12-25 23:57 4971040 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-12-21 11:04 . 2009-12-25 23:57 492064 --sha-w- c:\windows\system32\drivers\fidbox2.dat
    2009-12-21 10:30 . 2009-12-21 23:43 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2009-12-21 10:30 . 2009-12-21 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
    2009-12-21 10:29 . 2009-12-21 10:29 -------- d-----w- c:\documents and settings\computer\Local Settings\Application Data\Downloaded Installations
    2009-12-20 10:49 . 2009-12-20 13:03 -------- d-----w- c:\documents and settings\computer\Application Data\BitTorrent
    2009-12-20 10:48 . 2009-12-20 10:48 -------- d-----w- c:\program files\BitTorrent
    2009-12-20 10:27 . 2009-12-20 10:27 8704 ----a-w- c:\documents and settings\computer\Application Data\Thinstall\ThinstallBuilder\400000ce00003h\snapshot.exe
    2009-12-20 02:52 . 2009-12-20 02:52 81920 ----a-w- c:\documents and settings\computer\Application Data\ezpinst.exe
    2009-12-20 02:52 . 2009-12-20 02:52 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2009-12-20 02:52 . 2009-12-20 02:52 47360 ----a-w- c:\documents and settings\computer\Application Data\pcouffin.sys
    2009-12-20 02:52 . 2009-12-20 02:52 -------- d-----w- c:\documents and settings\computer\Application Data\Vso
    2009-12-20 02:50 . 2009-12-20 02:50 33792 ----a-w- c:\documents and settings\computer\Application Data\Thinstall\ThinstallBuilder\4000003800003i\snapshot.exe
    2009-12-20 02:35 . 2009-12-20 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Thinstall
    2009-12-20 01:32 . 2009-12-20 01:32 -------- d-sh--w- c:\documents and settings\computer\IECompatCache
    2009-12-20 01:12 . 2009-12-20 01:12 7680 ----a-w- c:\documents and settings\computer\Application Data\Thinstall\BitTorrent\40000016700002i\bittorrent.exe
    2009-12-20 01:12 . 2009-12-20 01:12 294912 ----a-w- c:\documents and settings\computer\Application Data\Thinstall\ThinstallBuilder\4000007d00003i\tlink.exe
    2009-12-20 01:12 . 2009-12-20 01:12 294912 ----a-w- c:\documents and settings\computer\Application Data\Thinstall\ThinstallBuilder\4000005100003i\vftool.exe
    2009-12-20 01:12 . 2009-12-20 01:12 294912 ----a-w- c:\documents and settings\computer\Application Data\Thinstall\ThinstallBuilder\4000005800003i\vregtool.exe
    2009-12-20 01:06 . 2009-12-20 01:06 294912 ----a-w- c:\documents and settings\computer\Application Data\Thinstall\ThinstallBuilder\4000003e00003i\snapshot.exe
    2009-12-20 01:06 . 2009-12-20 01:06 -------- d-----w- c:\program files\VMware
    2009-12-20 00:43 . 2009-12-20 00:43 7168 ----a-w- c:\documents and settings\computer\Application Data\Thinstall\Microsoft Text-to-Speech Engine 4.0 (English)\4000005e00002i\vcmd.exe
    2009-12-20 00:33 . 2009-12-20 00:33 7168 ----a-w- c:\documents and settings\computer\Application Data\Thinstall\{CD1445DB-29C6-4E04-A9EE-12D35957EA32}\40000016700002i\bittorrent.exe
    2009-12-20 00:17 . 2009-12-20 00:17 7168 ----a-w- c:\documents and settings\computer\Application Data\Thinstall\Ashampoo Burning Studio 9.10\4000001c00002i\CancelAutoplay.exe
    2009-12-19 23:56 . 2009-12-19 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\page
    2009-12-19 23:50 . 2009-12-19 23:50 -------- d-----w- c:\program files\Java
    2009-12-19 23:48 . 2009-12-19 23:48 152576 ----a-w- c:\documents and settings\computer\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
    2009-12-19 23:46 . 2009-12-20 10:54 -------- d-----w- c:\program files\Thinstall.VS
    2009-12-19 23:46 . 2009-12-19 23:46 -------- d-----w- c:\documents and settings\computer\Application Data\Downloaded Installations
    2009-12-19 23:39 . 2009-12-19 23:39 0 ----a-w- c:\windows\nsreg.dat
    2009-12-19 23:39 . 2009-12-19 23:39 -------- d-----w- c:\documents and settings\computer\Local Settings\Application Data\Mozilla
    2009-12-18 19:57 . 2009-05-12 18:01 233888 ----a-w- c:\windows\system32\DreamScene.dll
    2009-12-18 11:21 . 2009-12-18 11:21 45056 ----a-w- c:\documents and settings\computer\Application Data\Thinstall\FormatFactory 2.10\4000008000002i\Splash Screen.exe
    2009-12-18 11:21 . 2009-12-20 02:58 -------- d-----w- c:\documents and settings\computer\Application Data\Thinstall
    2009-12-18 11:21 . 2009-12-20 00:12 -------- d-----w- c:\documents and settings\computer\Local Settings\Application Data\Thinstall
    2009-12-17 23:25 . 2009-10-22 09:54 37392 ----a-w- c:\windows\system32\drivers\03999502.sys
    2009-12-17 23:25 . 2009-10-09 19:31 315408 ----a-w- c:\windows\system32\drivers\0399950.sys
    2009-12-17 23:25 . 2009-09-25 13:59 128016 ----a-w- c:\windows\system32\drivers\03999501.sys
    2009-12-17 22:21 . 2009-12-17 22:21 -------- d-----w- c:\windows\system32\wbem\snmp
    2009-12-17 22:21 . 2009-12-17 22:21 -------- d-----w- c:\windows\system32\xircom
    2009-12-17 22:21 . 2009-12-17 22:21 -------- d-----w- c:\program files\microsoft frontpage
    2009-12-17 19:59 . 2009-12-17 19:59 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2009-12-17 19:56 . 2009-12-17 19:56 -------- d-----w- c:\windows\SHELLNEW
    2009-12-17 19:55 . 2009-12-17 19:55 -------- d-----w- c:\documents and settings\computer\Local Settings\Application Data\Microsoft Help
    2009-12-17 19:54 . 2009-12-17 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-12-17 19:52 . 2009-12-17 19:52 -------- d-----r- C:\MSOCache
    2009-12-17 15:50 . 2009-12-21 23:48 -------- d-----w- c:\windows\system32\SupportAppXL
    2009-12-17 05:29 . 2008-04-15 20:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    2009-12-17 00:16 . 2009-12-17 00:18 -------- d-----w- c:\documents and settings\computer\Application Data\Paltalk
    2009-12-17 00:16 . 2009-12-17 00:16 -------- d-----w- c:\program files\Paltalk Messenger
    2009-12-17 00:16 . 2009-12-17 00:16 -------- d-----w- c:\windows\PaltalkScene
    2009-12-17 00:15 . 2009-12-19 23:39 -------- d-----w- c:\program files\PremierOpinion
    2009-12-17 00:13 . 2009-12-17 00:13 -------- d-----w- c:\program files\CEDP Stealer 6.0 for Messenger
    2009-12-17 00:02 . 2009-12-17 00:02 -------- d-----w- c:\windows\Sun
    2009-12-14 17:15 . 2009-12-22 23:53 -------- d-----w- c:\program files\Messenger Plus! Live
    2009-12-14 17:11 . 2009-12-25 22:43 -------- d-----w- c:\documents and settings\computer\Tracing
    2009-12-14 16:18 . 2009-08-05 19:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
    2009-12-14 16:16 . 2009-12-14 16:16 -------- d-----w- c:\program files\Microsoft Sync Framework
    2009-12-14 16:13 . 2006-11-29 10:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2009-12-14 16:11 . 2009-12-14 16:11 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-12-14 16:08 . 2009-12-14 16:08 -------- d-----w- c:\program files\Microsoft
    2009-12-14 16:08 . 2009-12-14 16:08 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-12-14 16:07 . 2009-12-14 16:17 -------- d-----w- c:\program files\Windows Live
    2009-12-14 16:02 . 2009-12-14 16:02 -------- d-----w- c:\program files\Common Files\Windows Live
    2009-12-14 15:31 . 2009-12-19 17:48 -------- d-----w- C:\Downloads
    2009-12-14 15:29 . 2009-12-25 23:57 -------- d-----w- c:\documents and settings\computer\Application Data\Free Download Manager
    2009-12-14 15:29 . 2009-12-14 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
    2009-12-14 15:29 . 2009-12-14 15:29 -------- d-----w- c:\program files\Free Download Manager
    2009-12-14 13:51 . 2009-12-14 13:51 -------- d-----w- C:\VundoFix Backups
    2009-12-13 21:08 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-12-13 21:08 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-12-13 21:08 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-12-13 21:08 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-12-13 21:08 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-12-13 21:08 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-12-13 21:08 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-12-13 21:08 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-12-13 21:07 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
    2009-12-13 21:07 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
    2009-12-13 21:07 . 2009-12-13 21:07 -------- d-----w- c:\program files\Alwil Software
    2009-12-13 20:21 . 2009-12-13 20:21 -------- d-----w- c:\documents and settings\computer\Application Data\Media Player Classic
    2009-12-13 20:11 . 2009-12-13 20:11 -------- d-----w- c:\program files\Common Files\xing shared
    2009-12-13 20:11 . 2009-12-13 20:11 -------- d-----w- c:\program files\Common Files\Real
    2009-12-13 20:05 . 2009-12-13 20:05 -------- d-----w- c:\documents and settings\computer\Application Data\Malwarebytes
    2009-12-13 20:05 . 2009-12-03 13:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-13 20:05 . 2009-12-13 20:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-13 20:05 . 2009-12-13 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-12-13 20:05 . 2009-12-03 13:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-13 19:40 . 2009-12-13 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
    2009-12-13 19:39 . 2009-12-20 09:30 28896 ----a-w- c:\documents and settings\computer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-12-13 19:31 . 2009-12-20 11:13 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
    2009-12-13 19:31 . 2009-12-13 19:31 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
    2009-12-13 19:29 . 2009-12-13 19:31 -------- d-----w- c:\program files\HP
    2009-12-13 19:27 . 2009-12-13 19:27 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-12-13 19:26 . 2007-10-30 09:25 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
    2009-12-13 19:26 . 2007-10-30 09:25 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
    2009-12-13 19:26 . 2009-12-13 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
    2009-12-13 19:26 . 2007-11-08 14:52 271704 ----a-r- c:\windows\system32\hpzids01.dll
    2009-12-13 19:26 . 2007-10-20 15:25 117760 ----a-w- c:\windows\system32\hpzll5mu.dll
    2009-12-13 19:26 . 2007-10-20 15:21 278016 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5mu.dll
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-25 17:33 . 2009-12-21 11:04 69056 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2009-12-25 17:33 . 2009-12-21 11:04 51032 --sha-w- c:\windows\system32\drivers\fidbox2.idx
    2009-12-23 09:04 . 2009-12-13 15:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-12-22 23:42 . 2008-04-15 20:00 71732 ----a-w- c:\windows\system32\perfc001.dat
    2009-12-22 23:42 . 2008-04-15 20:00 376278 ----a-w- c:\windows\system32\perfh001.dat
    2009-12-22 11:31 . 2009-12-13 15:14 -------- d-----w- c:\program files\Internet Download Manager
    2009-12-19 23:50 . 2009-12-13 15:27 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-12-13 20:11 . 2009-12-13 15:27 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2009-12-13 20:11 . 2009-12-13 15:27 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2009-12-13 17:16 . 2009-12-13 17:16 -------- d-----w- c:\program files\DIFX
    2009-12-13 15:28 . 2009-12-13 15:28 -------- d-----w- c:\program files\VSO
    2009-12-13 15:28 . 2009-12-13 15:28 -------- d-----w- c:\program files\UltraISO
    2009-12-13 15:28 . 2009-12-13 15:28 -------- d-----w- c:\program files\Common Files\EZB Systems
    2009-12-13 15:28 . 2009-12-13 15:27 -------- d-----w- c:\program files\K-Lite Codec Pack
    2009-12-13 15:24 . 2009-12-13 15:24 -------- d-----w- c:\program files\CCleaner
    2009-12-13 15:20 . 2009-12-13 15:20 2272 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-12-13 15:20 . 2009-12-13 15:20 -------- d-----w- c:\program files\MSBuild
    2009-12-13 15:19 . 2009-12-13 15:19 -------- d-----w- c:\program files\Reference Assemblies
    .
    ------- Sigcheck -------
    [-] 2009-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
    [-] 2009-06-20 . 1D07888E58486533D87582985D047186 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
    [-] 2009-06-20 . 7FB6B5705BBDD9B92B2A99FFA25E4CE3 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
    [-] 2009-06-20 11:11 . 055A6DFE5400C9E484A65B9E0E50F20D . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
    [-] 2009-06-20 . AED671FD84652A2E59B1EDF57DC54048 . 1359872 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
    [-] 2009-06-20 . 020F56ADEF1B55F6F7B8B3F9A665DD28 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
    [-] 2009-06-20 . 6140520CDCCE0CCC733DD19262411952 . 2190720 . . [5.1.2600.5755] . . c:\windows\system32\ntoskrnl.exe

    [-] 2008-09-18 . CA1867A515E40A015BA6D9ADD83FB823 . 1571328 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    [-] 2008-09-18 01:41 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
    [-] 2009-06-20 . BF87F187CEBD49FA80AEF07431295048 . 2067712 . . [5.1.2600.5755] . . c:\windows\system32\ntkrnlpa.exe
    c:\windows\System32\wscntfy.exe ... is missing !!
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-12-17_20.59.39 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-06 23:19 . 2007-11-06 23:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
    + 2008-07-29 05:05 . 2008-07-29 05:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
    + 2008-07-29 05:05 . 2008-07-29 05:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
    + 2008-07-29 05:05 . 2008-07-29 05:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
    + 2008-07-29 05:05 . 2008-07-29 05:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
    + 2008-07-29 05:05 . 2008-07-29 05:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
    + 2008-07-29 05:05 . 2008-07-29 05:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
    + 2008-07-29 05:05 . 2008-07-29 05:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
    + 2008-07-29 05:05 . 2008-07-29 05:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
    + 2008-07-29 05:05 . 2008-07-29 05:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
    + 2008-07-29 05:05 . 2008-07-29 05:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
    + 2008-07-29 05:05 . 2008-07-29 05:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
    + 2008-07-29 03:07 . 2008-07-29 03:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
    + 2008-07-29 03:07 . 2008-07-29 03:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
    + 2009-12-25 22:42 . 2009-12-25 22:42 16384 c:\windows\Temp\Perflib_Perfdata_6e4.dat
    + 2009-12-25 22:42 . 2009-12-25 22:42 16384 c:\windows\Temp\Perflib_Perfdata_544.dat
    + 2007-10-12 10:33 . 2007-12-08 04:39 28672 c:\windows\system32\vb6lib.dll
    + 2009-12-13 15:27 . 2008-06-08 20:58 60273 c:\windows\system32\pthreadGC2.dll
    - 2009-12-13 15:27 . 2009-01-07 18:14 60273 c:\windows\system32\pthreadGC2.dll
    - 2008-04-15 20:00 . 2009-12-17 20:38 71708 c:\windows\system32\perfc009.dat
    + 2008-04-15 20:00 . 2009-12-22 23:42 71708 c:\windows\system32\perfc009.dat
    - 2009-12-13 15:27 . 2009-04-02 13:21 84480 c:\windows\system32\ff_vfw.dll
    + 2009-12-13 15:27 . 2009-04-02 12:21 84480 c:\windows\system32\ff_vfw.dll
    + 2009-12-25 23:04 . 2009-10-22 09:54 37392 c:\windows\LastGood\system32\DRIVERS\46458102.sys
    + 2009-12-24 21:34 . 2009-12-24 21:34 27136 c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
    + 2009-12-24 00:36 . 2009-12-24 00:36 23230 c:\windows\Installer\{3B3BA59B-1E73-4520-9B21-520E98D4E691}\_6FEFF9B68218417F98F549.exe
    - 2009-12-13 15:28 . 2009-12-13 20:11 5632 c:\windows\system32\pndx5032.dll
    + 2009-12-13 15:28 . 1998-05-12 18:36 5632 c:\windows\system32\pndx5032.dll
    - 2009-12-13 15:28 . 2009-12-13 20:11 6656 c:\windows\system32\pndx5016.dll
    + 2009-12-13 15:28 . 1998-03-26 02:57 6656 c:\windows\system32\pndx5016.dll
    + 2008-07-29 05:05 . 2008-07-29 05:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
    + 2008-07-29 05:05 . 2008-07-29 05:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
    + 2008-07-29 00:54 . 2008-07-29 00:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
    + 2008-07-29 05:05 . 2008-07-29 05:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
    - 2009-12-13 15:28 . 2009-12-13 20:11 185920 c:\windows\system32\rmoc3260.dll
    + 2009-12-13 15:28 . 2008-09-10 19:56 185920 c:\windows\system32\rmoc3260.dll
    + 2009-12-13 15:28 . 2001-06-22 23:31 278528 c:\windows\system32\pncrt.dll
    - 2009-12-13 15:28 . 2009-12-13 20:11 278528 c:\windows\system32\pncrt.dll
    - 2008-04-15 20:00 . 2009-12-17 20:38 441772 c:\windows\system32\perfh009.dat
    + 2008-04-15 20:00 . 2009-12-22 23:42 441772 c:\windows\system32\perfh009.dat
    + 2009-12-19 23:50 . 2009-12-19 23:50 149280 c:\windows\system32\javaws.exe
    + 2009-12-19 23:50 . 2009-12-19 23:50 145184 c:\windows\system32\javaw.exe
    + 2009-12-19 23:50 . 2009-12-19 23:50 145184 c:\windows\system32\java.exe
    + 2009-12-13 17:49 . 2009-12-20 13:31 131688 c:\windows\system32\FNTCACHE.DAT
    + 2009-12-21 11:01 . 2009-02-18 11:41 186128 c:\windows\system32\drivers\klif.sys
    + 2009-12-25 23:04 . 2009-09-25 13:59 128016 c:\windows\LastGood\system32\DRIVERS\46458101.sys
    + 2009-12-25 23:04 . 2009-10-09 19:31 315408 c:\windows\LastGood\system32\DRIVERS\4645810.sys
    + 2009-12-23 01:46 . 2009-12-23 01:46 228352 c:\windows\Installer\6067b5.msi
    + 2009-12-24 00:36 . 2009-12-24 00:36 126464 c:\windows\Installer\2adfd7.msi
    + 2008-07-29 05:05 . 2008-07-29 05:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
    + 2008-07-29 05:05 . 2008-07-29 05:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
    + 2009-12-24 21:35 . 2009-12-24 21:35 8992256 c:\windows\Installer\25ae327.msi
    + 2009-12-24 21:34 . 2009-12-24 21:34 1549312 c:\windows\Installer\25ae323.msi
    + 2009-12-19 23:50 . 2009-12-19 23:50 1757696 c:\windows\Installer\203b00.msi
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-30 3399727]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-19 149280]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "_nltide_3"="advpack.dll" [2009-03-08 128512]
    c:\documents and settings\computer\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
    setup_9.0.0.722_25.12.2009_11-11.lnk - c:\documents and settings\computer\«ل¥ ںéêè¢ \Virus Removal Tool1\setup_9.0.0.722_25.12.2009_11-11\startup.exe [2009-12-26 72208]
    c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
    PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-12-3 11552768]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoConfigPage"= 0 (0x0)
    "NoDevMgrPage"= 0 (0x0)
    "NoFileSysPage"= 0 (0x0)
    "NoVirtMemPage"= 0 (0x0)
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "NoConfigPage"= 0 (0x0)
    "NoDevMgrPage"= 0 (0x0)
    "NoFileSysPage"= 0 (0x0)
    "NoVirtMemPage"= 0 (0x0)
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
    "c:\\program files\\premieropinion\\pmropn.exe"=
    "c:\\Documents and Settings\\computer\\Application Data\\Thinstall\\{CD1445DB-29C6-4E04-A9EE-12D35957EA32}\\40000016700002i\\bittorrent.exe"=
    "c:\\Documents and Settings\\computer\\Application Data\\Thinstall\\BitTorrent\\40000016700002i\\bittorrent.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Free Download Manager\\fdmwi.exe"=
    R0 03999502;03999502 Boot Guard Driver;c:\windows\system32\drivers\03999502.sys [18/12/2009 02:25 ص 37392]
    R0 33535302;33535302 Boot Guard Driver;c:\windows\system32\drivers\33535302.sys [26/12/2009 02:05 ص 37392]
    R1 03999501;03999501;c:\windows\system32\drivers\03999501.sys [18/12/2009 02:25 ص 128016]
    R1 33535301;33535301;c:\windows\system32\drivers\33535301.sys [26/12/2009 02:05 ص 128016]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14/12/2009 12:08 ص 114768]
    R1 setup_9.0.0.722_25.12.2009_11-11drv;setup_9.0.0.722_25.12.2009_11-11drv;c:\windows\system32\drivers\3353530.sys [26/12/2009 02:05 ص 315408]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14/12/2009 12:08 ص 20560]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [14/12/2009 07:18 م 54752]
    R4 46458101;46458101;c:\windows\system32\DRIVERS\46458101.sys --> c:\windows\system32\DRIVERS\46458101.sys [?]
    S0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [18/09/2008 04:42 ص 124928]
    S3 fsssvc;خدمة أمان العائلة في Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 10:48 م 704864]
    S3 NDISKIO;NDISKIO;\??\c:\docume~1\DRCOMP~1\LOCALS~1\Temp\00000dc1.nmc\nse\bin\ndiskio.sys --> c:\docume~1\DRCOMP~1\LOCALS~1\Temp\00000dc1.nmc\nse\bin\ndiskio.sys [?]
    S3 nsak;nsak;\??\c:\docume~1\DRCOMP~1\LOCALS~1\Temp\0000011d.nmc\nse\bin\nsak.sys --> c:\docume~1\DRCOMP~1\LOCALS~1\Temp\0000011d.nmc\nse\bin\nsak.sys [?]
    --- Other Services/Drivers In Memory ---
    *NewlyCreated* - 33535301
    *NewlyCreated* - 33535302
    *NewlyCreated* - SETUP_9.0.0.722_25.12.2009_11-11DRV
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    ------- Supplementary Scan -------
    .
    IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
    IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
    FF - ProfilePath - c:\documents and settings\computer\Application Data\Mozilla\Firefox\Profiles\t394r3km.default\
    FF - component: c:\program files\K-Lite Codec Pack\Real\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\program files\PremierOpinion\components\pmxg.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\Netscape6\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\Netscape6\nprjplug.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\Netscape6\nprpjplug.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: *xg.dll: {6E19037A-12E3-4295-8915-ED48BC341614} - c:\program files\PremierOpinion
    .
    .
    ------- File Associations -------
    .
    txtfile=NOTEPAD %1
    .
    - - - - ORPHANS REMOVED - - - -
    HKLM-Run-SystemInit - (no file)
    HKLM-Run-Karen - (no file)
    HKLM-Run-raVe - (no file)
    HKLM-Run-SystemBackup - (no file)
    HKLM-Run-Win32BaseServiceMOD - (no file)
    HKLM-Run-startIE - (no file)

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-26 02:58
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    [HKEY_USERS\S-1-5-21-1078081533-448539723-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,93,f8,56,20,84,85,a2,4c,b9,a4,33,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,93,f8,56,20,84,85,a2,4c,b9,a4,33,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'explorer.exe'(2800)
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\wpdshserviceobj.dll
    c:\windows\system32\portabledevicetypes.dll
    c:\windows\system32\portabledeviceapi.dll
    .
    Completion time: 2009-12-26 03:02:19
    ComboFix-quarantined-files.txt 2009-12-26 00:02
    ComboFix2.txt 2009-12-20 19:50
    ComboFix3.txt 2009-12-17 21:02
    Pre-Run: 6,477,250,560 bytes free
    Post-Run: 6,993,596,416 bytes free
    - - End Of File - - EACB35E74D7E9ACE0DD43F0D0813EA68
     
  6. MAAX

    MAAX Honorary Member

    Can you give us the extension and path of the infection?
     
  7. Y-A-S

    Y-A-S Brilliant Zyzoom Member

    The infection's extension:

    In the System Volume Information folder..

    I turned off System Restore and ran a cleanup, but it was no use.. The Norman program detects the Virut virus inside the folder, but it hangs and can't delete it.. and all the programs behave the same way.
     
  8. Y-A-S

    Y-A-S Brilliant Zyzoom Member

    When I try to open the System Volume Information folder, it tells me it can't be accessed.. access denied.

    There's also a second folder named autorun.inf, and it's the same problem, I can't open it..
     
  9. MAAX

    MAAX Honorary Member

    OK, disable System Restore and keep it disabled on all drives.

    Then run a scan with Norman.
     
  10. MAAX

    MAAX Honorary Member

    The first folder is the System Restore folder, and you cannot enter it.
    The second folder is proactive protection against malicious autorun files.

    Do the following to hide them:

    [IMG]

    [IMG]
     
  11. Y-A-S

    Y-A-S زيزوومى متألق

    إنضم إلينا في:
    ‏مايو 7, 2009
    المشاركات:
    327
    الإعجابات :
    2
    نقاط الجائزة:
    390
    الإقامة:
    KSA
    برامج الحماية:
    Kaspersky
    نظام التشغيل:
    Windows XP
  12. MAAX

    MAAX Honorary Member

    This infection is on a non-system drive.
    Its letter is h.
    Make sure you have disabled System Restore on it.
     
  13. بلال عبدالعزيز

    بلال عبدالعزيز Active Zyzoom Member

    Joined:
    August 14, 2007
    Posts:
    133
    Likes:
    4
    Trophy points:
    170
    Location:
    Syria - Damascus
    Security software:
    Kaspersky
    Operating system:
    Windows 7
    A while ago I was infected with this virus.

    It is very dangerous; it merges itself into executable files like the Sality virus, but Kaspersky was not able to clean this one or even rescue the system from it.

    The only way was to format.

    Best regards
     
  14. ocab

    ocab Professional Zyzoom Member

    Joined:
    October 8, 2008
    Posts:
    1,749
    Likes:
    927
    Trophy points:
    820
    Gender:
    Male
    Security software:
    ESET
    Operating system:
    Windows 10
  15. protection

    protection There is no god but Allah ★ Forum Star ★

    Joined:
    February 8, 2008
    Posts:
    10,244
    Likes:
    2,365
    Trophy points:
    1,120
    Gender:
    Male
    Location:
    .
    Security software:
    Norton
    Operating system:
    Windows 7
    Honestly, I'm excited along with you, guys.. I know the thread is old

    But I want a copy of this virus ^_*
     
