فايروس أم دودة أم تروجان ...... ما أدري بس قهرني

الغزااااال · 15 أكتوبر 2008

السلام عليكم ورحمة الله وبركاته
في الصورة وضحت المشكلة حيث الملف حجمه 261 ويأتي بأسم المجلد
وهو مكرر في كل مجلد
جربت غالب برامج الحماية من الويندوز وحتى من البووووت باستخدام اسطوانة زيززووم
وما أفلحت أبداُ معي ولا زالت كما تروووووووووووووون
ووش الحل يا أحباب.؟؟؟

السّاجد لله · 15 أكتوبر 2008

عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم

اعمل تقرير للهايجاك

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير اعمل تحديد الكل ==> انسخه والصقه بردك القادم

Juve Guard · 15 أكتوبر 2008

هذي دودة
تزرع نفسها في كل مجلد بنفس اسمه
طبقي الي قاله هشام وان شاء الله خير

الغزااااال · 15 أكتوبر 2008

الأخوة الكرااااااااام هذا تقرير الأداة الاولي
ComboFix 08-10-14.07 - USER 10/15/2008 16:21:10.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.312 [GMT 3:00]
Running from: C:\Documents and Settings\USER\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-09-15 to 2008-10-15 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-15 13:23 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-15 13:23 --------- d-----w C:\Documents and Settings\USER\Application Data\DMCache
2008-10-15 12:46 --------- d-----w C:\Program Files\Symantec
2008-10-15 12:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-15 03:08 --------- d-----w C:\Program Files\Alwil Software
2008-10-14 21:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-14 20:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-14 19:52 --------- d-----w C:\Program Files\Norton 360
2008-10-14 13:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-14 13:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-14 12:42 --------- d-----w C:\Documents and Settings\USER\Application Data\Symantec
2008-10-14 12:41 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-14 12:41 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-14 12:41 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-14 12:41 10,563 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-14 12:40 --------- d-----w C:\Program Files\Windows Sidebar
2008-10-14 10:36 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-10-12 21:31 --------- d-----w C:\Program Files\BitDefender
2008-10-12 15:03 --------- d-----w C:\Documents and Settings\USER\Application Data\IDM
2008-10-12 14:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-10-12 10:22 --------- d-----w C:\Documents and Settings\USER\Application Data\Ahead
2008-10-11 14:01 --------- d-----w C:\Documents and Settings\USER\Application Data\PC Suite
2008-10-10 21:30 --------- d-----w C:\Program Files\MSBuild
2008-10-10 21:27 --------- d-----w C:\Program Files\Reference Assemblies
2008-10-09 10:51 --------- d-----w C:\Documents and Settings\USER\Application Data\uTorrent
2008-10-08 11:30 --------- d-----w C:\Program Files\JLC's Software
2008-10-08 11:30 --------- d-----w C:\Documents and Settings\USER\Application Data\JLC's Software
2008-10-08 10:19 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-08 10:19 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-10-08 10:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-10-08 09:17 --------- d-----w C:\Documents and Settings\USER\Application Data\vlc
2008-10-08 08:40 --------- d-----w C:\Documents and Settings\USER\Application Data\Apple Computer
2008-10-08 07:00 --------- d-----w C:\Program Files\Orbitdownloader
2008-10-08 07:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-10-08 06:59 --------- d-----w C:\Program Files\uTorrent
2008-10-08 06:59 --------- d-----w C:\Program Files\BitComet
2008-10-08 06:58 --------- d-----w C:\Program Files\anoooos
2008-10-02 23:18 2,317,867 ----a-w C:\Program Files\Internet Download Manager_5.14.exe
2008-09-12 00:47 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-09-12 00:47 --------- d-----w C:\Program Files\ACD Systems
2008-09-12 00:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-09-12 00:43 --------- d-----w C:\Documents and Settings\USER\Application Data\ACD Systems
2008-09-12 00:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-11 23:21 --------- d-----w C:\Program Files\Safari
2008-09-11 23:20 --------- d-----w C:\Program Files\Bonjour
2008-09-11 23:20 --------- d-----w C:\Program Files\Apple Software Update
2008-09-11 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-09-11 16:40 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-09-11 16:40 --------- d-----w C:\Documents and Settings\USER\Application Data\URSoft
2008-09-11 16:39 --------- d-----w C:\Program Files\Yahoo!
2008-09-11 16:39 --------- d-----w C:\Program Files\CCleaner
2008-09-11 16:34 --------- d-----w C:\Program Files\Sony
2008-09-11 16:33 --------- d-----w C:\Program Files\Vstplugins
2008-09-11 16:32 --------- d-----w C:\Program Files\Sony Setup
2008-09-11 16:31 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-09-11 16:31 --------- d-----w C:\Program Files\Nokia
2008-09-11 16:31 --------- d-----w C:\Program Files\DIFX
2008-09-11 16:31 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-09-11 16:31 --------- d-----w C:\Program Files\Common Files\Nokia
2008-09-11 16:31 --------- d-----w C:\Documents and Settings\USER\Application Data\Nokia
2008-09-11 16:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-09-11 16:27 --------- d-----w C:\Documents and Settings\USER\Application Data\Orbit
2008-09-11 16:27 --------- d-----w C:\Documents and Settings\USER\Application Data\GrabPro
2008-09-11 16:26 47,104 ------w C:\WINDOWS\AKDeInstall.exe
2008-09-11 16:26 --------- d-----w C:\Program Files\VideoLAN
2008-09-11 16:26 --------- d-----w C:\Program Files\mpegable
2008-09-11 16:25 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-09-11 16:18 --------- d-----w C:\Program Files\Xilisoft
2008-09-11 16:17 --------- d-----w C:\Program Files\QuickTime
2008-09-11 16:13 --------- d-----w C:\Program Files\DFX
2008-09-11 16:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\DFX
2008-09-11 14:47 --------- d-----w C:\Program Files\Real
2008-09-11 14:47 --------- d-----w C:\Program Files\Common Files\xing shared
2008-09-11 14:47 --------- d-----w C:\Program Files\Common Files\Real
2008-09-11 14:43 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-09-11 14:43 --------- d-----w C:\Program Files\Common Files\Adobe
.
((((((((((((((((((((((((((((( snapshot@Tue 10-14-2008_15.05.17.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-11-17 17:31:32 347,136 ----a-w C:\WINDOWS\$hf_mig$\KB873339\SP2QFE\hypertrm.dll
+ 2004-10-14 07:34:52 7,168 ----a-w C:\WINDOWS\$hf_mig$\KB873339\spmsg.dll
+ 2004-10-14 07:36:18 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB873339\spuninst.exe
+ 2004-10-14 07:36:16 21,504 ----a-w C:\WINDOWS\$hf_mig$\KB873339\update\spcustom.dll
+ 2004-10-14 07:34:54 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB873339\update\update.exe
+ 2004-10-28 01:28:18 721,920 ----a-w C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\lsasrv.dll
+ 2004-10-28 01:15:16 448,128 ----a-w C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys
+ 2004-10-28 01:14:56 174,592 ----a-w C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\rdbss.sys
+ 2004-10-14 08:34:52 7,168 ----a-w C:\WINDOWS\$hf_mig$\KB885835\spmsg.dll
+ 2004-10-14 08:36:18 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB885835\spuninst.exe
+ 2004-10-14 08:36:16 21,504 ----a-w C:\WINDOWS\$hf_mig$\KB885835\update\spcustom.dll
+ 2004-10-14 08:34:54 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB885835\update\update.exe
+ 2004-09-29 22:31:17 134,912 ----a-w C:\WINDOWS\$hf_mig$\KB886185\SP2QFE\ipnat.sys
+ 2004-10-14 18:34:51 7,168 ----a-w C:\WINDOWS\$hf_mig$\KB886185\spmsg.dll
+ 2004-10-14 18:36:16 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB886185\spuninst.exe
+ 2004-10-14 18:36:15 21,504 ----a-w C:\WINDOWS\$hf_mig$\KB886185\update\spcustom.dll
+ 2004-10-14 18:34:52 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB886185\update\update.exe
+ 2004-10-13 16:21:24 1,694,208 ----a-w C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe
+ 2004-10-14 08:34:52 7,168 ----a-w C:\WINDOWS\$hf_mig$\KB887472\spmsg.dll
+ 2004-10-14 08:36:18 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB887472\spuninst.exe
+ 2004-10-14 08:36:16 21,504 ----a-w C:\WINDOWS\$hf_mig$\KB887472\update\spcustom.dll
+ 2004-10-14 08:34:54 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB887472\update\update.exe
+ 2005-04-22 05:18:52 57,344 ----a-w C:\WINDOWS\$hf_mig$\KB890046\SP2QFE\agentdpv.dll
+ 2005-05-17 00:26:30 17,920 ----a-w C:\WINDOWS\$hf_mig$\KB890046\SP2QFE\xpsp3res.dll
+ 2005-02-24 17:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB890046\spmsg.dll
+ 2005-02-24 17:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB890046\spuninst.exe
+ 2005-02-24 17:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB890046\update\spcustom.dll
+ 2005-02-24 17:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB890046\update\update.exe
+ 2005-02-24 17:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB890046\update\updspapi.dll
+ 2005-04-28 19:35:02 1,286,144 ----a-w C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\ole32.dll
+ 2005-04-28 19:35:01 74,752 ----a-w C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\olecli32.dll
+ 2005-04-28 19:35:01 37,376 ----a-w C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\olecnv32.dll
+ 2005-04-28 19:35:01 396,288 ----a-w C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\rpcss.dll
+ 2005-02-24 17:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB894391\spmsg.dll
+ 2005-02-24 17:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB894391\spuninst.exe
+ 2005-02-24 17:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\spcustom.dll
+ 2005-02-24 17:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\update.exe
+ 2005-02-24 17:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\updspapi.dll
+ 2005-06-11 00:17:13 57,856 ----a-w C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
+ 2005-02-24 17:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB896423\spmsg.dll
+ 2005-02-24 17:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB896423\spuninst.exe
+ 2005-06-29 13:54:32 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\arpidfix.exe
+ 2005-02-24 17:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\spcustom.dll
+ 2005-02-24 17:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\update.exe
+ 2005-02-24 17:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\updspapi.dll
+ 2005-02-25 03:35:05 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB898461\spmsg.dll
+ 2005-02-25 03:35:05 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
+ 2005-02-25 03:35:05 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB898461\spupdsvc.exe
+ 2005-02-25 03:35:05 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB898461\update\spcustom.dll
+ 2005-02-25 03:35:05 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB898461\update\update.exe
+ 2005-02-25 03:35:06 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB898461\update\updspapi.dll
+ 2006-03-17 04:46:31 8,454,656 ----a-w C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\shell32.dll
+ 2006-03-17 01:05:35 28,672 ----a-w C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\verclsid.exe
+ 2006-03-22 01:29:43 23,040 ----a-w C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB908531\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB908531\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB908531\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB908531\update\update.exe
+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB908531\update\updspapi.dll
+ 2006-01-04 04:18:34 68,096 ----a-w C:\WINDOWS\$hf_mig$\KB911927\SP2QFE\webclnt.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB911927\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB911927\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB911927\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB911927\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB911927\update\updspapi.dll
+ 2006-05-05 10:16:39 454,400 ----a-w C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys
+ 2006-05-05 10:22:52 174,592 ----a-w C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\rdbss.sys
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB914389\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB914389\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB914389\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB914389\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB914389\update\updspapi.dll
+ 2006-11-27 15:17:10 539,136 ----a-w C:\WINDOWS\$hf_mig$\KB918118\SP2QFE\msftedit.dll
+ 2006-11-27 15:17:10 433,664 ----a-w C:\WINDOWS\$hf_mig$\KB918118\SP2QFE\riched20.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB918118\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB918118\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB918118\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB918118\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB918118\update\updspapi.dll
+ 2006-10-12 13:54:18 42,496 ----a-w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentdp2.dll
+ 2006-10-12 13:54:18 57,344 ----a-w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentdpv.dll
+ 2006-10-12 11:54:07 256,512 ----a-w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentsvr.exe
+ 2006-10-16 10:29:15 248,320 ----a-w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB920213\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB920213\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB920213\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920213\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB920213\update\updspapi.dll
+ 2006-07-21 08:26:49 72,704 ----a-w C:\WINDOWS\$hf_mig$\KB920670\SP2QFE\hlink.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB920670\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB920670\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB920670\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920670\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB920670\update\updspapi.dll
+ 2006-10-13 12:41:38 64,000 ----a-w C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwapi32.dll
+ 2006-10-13 12:41:38 142,336 ----a-w C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwprovau.dll
+ 2006-10-13 10:39:12 163,456 ----a-w C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwrdr.sys
+ 2006-10-13 12:41:38 65,536 ----a-w C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwwks.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB923980\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB923980\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB923980\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB923980\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB923980\update\updspapi.dll
+ 2006-12-26 13:18:55 536,576 ----a-w C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msado15.dll
+ 2006-12-26 13:18:55 180,224 ----a-w C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msadomd.dll
+ 2006-12-26 02:18:56 200,704 ----a-w C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msadox.dll
+ 2006-12-26 13:18:55 102,400 ----a-w C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msjro.dll
+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB927779\spmsg.dll
+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB927779\spuninst.exe
+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB927779\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB927779\update\update.exe
+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB927779\update\updspapi.dll
+ 2007-03-09 13:58:57 57,344 ----a-w C:\WINDOWS\$hf_mig$\KB932168\SP2QFE\agentdpv.dll
+ 2007-03-09 11:28:00 248,320 ----a-w C:\WINDOWS\$hf_mig$\KB932168\SP2QFE\xpsp3res.dll
+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB932168\spmsg.dll
+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB932168\spuninst.exe
+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932168\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB932168\update\update.exe
+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB932168\update\updspapi.dll
+ 2007-07-12 23:28:55 765,952 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\updspapi.dll
+ 2007-06-13 11:26:03 1,033,216 ----a-w C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938828\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB938828\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\updspapi.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\shell32.dll
+ 2007-10-29 10:04:03 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943460\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943460\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\updspapi.dll
+ 2008-02-20 06:52:43 282,624 ----a-w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB956391\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB956391\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB956391\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB956391\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB956391\update\updspapi.dll
+ 2005-03-21 12:00:20 2,890,240 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msi.dll
+ 2005-05-03 09:58:22 209,632 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe
+ 2005-05-03 09:58:22 371,936 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\updspapi.dll
+ 2004-05-23 12:00:00 345,088 -c----w C:\WINDOWS\$NtUninstallKB873339$\hypertrm.dll
+ 2004-10-14 07:36:18 169,984 -c----w C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
+ 2004-05-23 12:00:00 721,920 -c----w C:\WINDOWS\$NtUninstallKB885835$\lsasrv.dll
+ 2004-10-14 08:36:18 169,984 -c----w C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
+ 2004-05-23 12:00:00 134,912 -c----w C:\WINDOWS\$NtUninstallKB886185$\ipnat.sys
+ 2004-10-14 18:36:16 169,984 -c----w C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
+ 2004-08-03 22:06:34 1,667,584 -c----w C:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe
+ 2004-10-14 08:36:18 169,984 -c----w C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
+ 2005-02-24 17:35:06 209,632 -c----w C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe
+ 2005-02-24 17:35:08 371,936 -c----w C:\WINDOWS\$NtUninstallKB890046$\spuninst\updspapi.dll
+ 2004-05-23 12:00:00 1,281,536 -c----w C:\WINDOWS\$NtUninstallKB894391$\ole32.dll
+ 2004-05-23 12:00:00 68,608 -c----w C:\WINDOWS\$NtUninstallKB894391$\olecli32.dll
+ 2004-05-23 12:00:00 34,304 -c----w C:\WINDOWS\$NtUninstallKB894391$\olecnv32.dll
+ 2004-05-23 12:00:00 395,776 -c----w C:\WINDOWS\$NtUninstallKB894391$\rpcss.dll
+ 2005-02-24 17:35:06 209,632 -c----w C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe
+ 2005-02-24 17:35:08 371,936 -c----w C:\WINDOWS\$NtUninstallKB894391$\spuninst\updspapi.dll
+ 2004-05-23 12:00:00 57,856 -c----w C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
+ 2005-02-24 17:35:06 209,632 -c----w C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe
+ 2005-02-24 17:35:08 371,936 -c----w C:\WINDOWS\$NtUninstallKB896423$\spuninst\updspapi.dll
+ 2005-02-25 03:35:05 209,632 -c----w C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe
+ 2005-02-25 03:35:06 371,936 -c----w C:\WINDOWS\$NtUninstallKB898461$\spuninst\updspapi.dll
+ 2004-05-23 12:00:00 8,384,000 -c----w C:\WINDOWS\$NtUninstallKB908531$\shell32.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe
+ 2006-01-19 19:29:19 371,424 -c----w C:\WINDOWS\$NtUninstallKB908531$\spuninst\updspapi.dll
+ 2004-05-23 12:00:00 364,544 -c----w C:\WINDOWS\$NtUninstallKB911564$\npdsplay.dll
+ 2005-06-28 06:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe
+ 2005-06-28 06:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB911564$\spuninst\updspapi.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB911927$\spuninst\updspapi.dll
+ 2004-05-23 12:00:00 67,584 -c----w C:\WINDOWS\$NtUninstallKB911927$\webclnt.dll
+ 2004-05-23 12:00:00 451,456 -c----w C:\WINDOWS\$NtUninstallKB914389$\mrxsmb.sys
+ 2004-05-23 12:00:00 176,512 -c----w C:\WINDOWS\$NtUninstallKB914389$\rdbss.sys
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB914389$\spuninst\updspapi.dll
+ 2004-05-23 12:00:00 537,088 -c----w C:\WINDOWS\$NtUninstallKB918118$\msftedit.dll
+ 2004-05-23 12:00:00 431,616 -c----w C:\WINDOWS\$NtUninstallKB918118$\riched20.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB918118$\spuninst\updspapi.dll
+ 2004-05-23 12:00:00 41,984 -c----w C:\WINDOWS\$NtUninstallKB920213$\agentdp2.dll
+ 2004-05-23 12:00:00 58,880 -c----w C:\WINDOWS\$NtUninstallKB920213$\agentdpv.dll
+ 2004-05-23 12:00:00 256,512 -c----w C:\WINDOWS\$NtUninstallKB920213$\agentsvr.exe
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB920213$\spuninst\updspapi.dll
+ 2004-05-23 12:00:00 77,850 -c----w C:\WINDOWS\$NtUninstallKB920670$\hlink.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB920670$\spuninst\updspapi.dll
+ 2004-05-23 12:00:00 58,880 -c----w C:\WINDOWS\$NtUninstallKB923980$\nwapi32.dll
+ 2004-05-23 12:00:00 144,384 -c----w C:\WINDOWS\$NtUninstallKB923980$\nwprovau.dll
+ 2004-05-23 12:00:00 163,584 -c----w C:\WINDOWS\$NtUninstallKB923980$\nwrdr.sys
+ 2004-05-23 12:00:00 64,000 -c----w C:\WINDOWS\$NtUninstallKB923980$\nwwks.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB923980$\spuninst\updspapi.dll
+ 2004-05-23 12:00:00 498,205 -c----w C:\WINDOWS\$NtUninstallKB925398_WMP64$\dxmasf.dll
+ 2005-06-28 07:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe
+ 2005-06-28 07:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\updspapi.dll
+ 2004-05-23 12:00:00 246,302 -c----w C:\WINDOWS\$NtUninstallKB925398_WMP64$\strmdll.dll
+ 2004-05-23 12:00:00 536,576 -c----w C:\WINDOWS\$NtUninstallKB927779$\msado15.dll
+ 2004-05-23 12:00:00 180,224 -c----w C:\WINDOWS\$NtUninstallKB927779$\msadomd.dll
+ 2004-05-23 12:00:00 200,704 -c----w C:\WINDOWS\$NtUninstallKB927779$\msadox.dll
+ 2004-05-23 12:00:00 102,400 -c----w C:\WINDOWS\$NtUninstallKB927779$\msjro.dll
+ 2006-01-19 19:29:19 213,216 -c----w C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe
+ 2006-01-19 19:29:19 371,424 -c----w C:\WINDOWS\$NtUninstallKB927779$\spuninst\updspapi.dll
+ 2006-10-12 14:02:52 57,344 -c----w C:\WINDOWS\$NtUninstallKB932168$\agentdpv.dll
+ 2006-01-19 19:29:19 213,216 -c----w C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe
+ 2006-01-19 19:29:19 371,424 -c----w C:\WINDOWS\$NtUninstallKB932168$\spuninst\updspapi.dll
+ 2006-10-16 10:21:48 115,200 -c----w C:\WINDOWS\$NtUninstallKB932168$\xpsp3res.dll
+ 2004-05-23 12:00:00 1,032,192 -c----w C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB938828$\spuninst\updspapi.dll
+ 2007-10-27 13:39:36 213,216 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe
+ 2007-10-27 13:39:46 371,424 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\updspapi.dll
+ 2006-10-18 18:47:18 222,208 -c----w C:\WINDOWS\$NtUninstallKB941569$\wmasf.dll
+ 2006-03-17 04:03:54 8,452,096 -c----w C:\WINDOWS\$NtUninstallKB943460$\shell32.dll
+ 2006-03-17 04:03:54 8,452,096 -c----w C:\WINDOWS\$NtUninstallKB943460$\shell32.dll.000
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\updspapi.dll
+ 2007-03-09 10:02:31 115,200 -c----w C:\WINDOWS\$NtUninstallKB943460$\xpsp3res.dll
+ 2004-05-23 12:00:00 278,016 -c----w C:\WINDOWS\$NtUninstallKB948590$\gdi32.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB948590$\spuninst\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB956391$\spuninst\updspapi.dll
+ 2008-10-14 20:59:40 42,248 ----a-w C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustCall64.dll
+ 2008-10-14 20:59:41 27,912 ----a-w C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCall.dll
+ 2008-10-14 20:59:41 73,728 ----a-w C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCalla.dll
+ 2008-10-14 20:59:41 83,296 ----a-w C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCalla1.dll
+ 2006-05-05 09:41:45 453,120 ------w C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
- 2004-05-23 12:00:00 1,032,192 ----a-w C:\WINDOWS\explorer.exe
+ 2007-06-13 10:23:07 1,033,216 ----a-w C:\WINDOWS\explorer.exe
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2006-12-22 07:49:12 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
- 2004-05-23 12:00:00 41,984 ----a-w C:\WINDOWS\msagent\agentdp2.dll
+ 2006-10-12 14:02:52 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll
- 2004-05-23 12:00:00 58,880 ----a-w C:\WINDOWS\msagent\agentdpv.dll
+ 2007-03-09 13:46:24 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll
- 2004-05-23 12:00:00 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
+ 2006-10-12 11:09:53 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
+ 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-07-19 14:30:53 94,392 ----a-w C:\WINDOWS\system32\AvastSS.scr
- 2004-05-23 12:00:00 66,560 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2007-07-30 16:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
- 2004-05-23 12:00:00 41,984 -c--a-w C:\WINDOWS\system32\dllcache\agentdp2.dll
+ 2006-10-12 14:02:52 42,496 -c--a-w C:\WINDOWS\system32\dllcache\agentdp2.dll
- 2004-05-23 12:00:00 58,880 -c--a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
+ 2007-03-09 13:46:24 57,344 -c--a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
- 2004-05-23 12:00:00 256,512 -c--a-w C:\WINDOWS\system32\dllcache\agentsvr.exe
+ 2006-10-12 11:09:53 256,512 -c--a-w C:\WINDOWS\system32\dllcache\agentsvr.exe
- 2004-05-23 12:00:00 66,560 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2007-07-30 16:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2004-05-23 12:00:00 498,205 -c--a-w C:\WINDOWS\system32\dllcache\dxmasf.dll
+ 2006-08-22 01:05:26 498,742 -c--a-w C:\WINDOWS\system32\dllcache\dxmasf.dll
- 2004-05-23 12:00:00 1,032,192 -c--a-w C:\WINDOWS\system32\dllcache\explorer.exe
+ 2007-06-13 10:23:07 1,033,216 -c--a-w C:\WINDOWS\system32\dllcache\explorer.exe
- 2004-05-23 12:00:00 278,016 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:05 282,624 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2004-05-23 12:00:00 77,850 -c--a-w C:\WINDOWS\system32\dllcache\hlink.dll
+ 2006-07-21 08:24:43 72,704 -c--a-w C:\WINDOWS\system32\dllcache\hlink.dll
- 2004-05-23 12:00:00 134,912 -c--a-w C:\WINDOWS\system32\dllcache\ipnat.sys
+ 2004-09-29 22:28:37 134,912 -c--a-w C:\WINDOWS\system32\dllcache\ipnat.sys
- 2004-05-23 12:00:00 721,920 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2004-10-28 01:21:01 721,920 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2006-05-05 09:41:45 453,120 -c----w C:\WINDOWS\system32\dllcache\mrxsmb.sys
- 2004-05-23 12:00:00 536,576 -c--a-w C:\WINDOWS\system32\dllcache\msado15.dll
+ 2006-12-26 13:07:23 536,576 -c--a-w C:\WINDOWS\system32\dllcache\msado15.dll
- 2004-05-23 12:00:00 180,224 -c--a-w C:\WINDOWS\system32\dllcache\msadomd.dll
+ 2006-12-26 13:07:23 180,224 -c--a-w C:\WINDOWS\system32\dllcache\msadomd.dll
- 2004-05-23 12:00:00 200,704 -c--a-w C:\WINDOWS\system32\dllcache\msadox.dll
+ 2006-12-26 13:07:23 200,704 -c--a-w C:\WINDOWS\system32\dllcache\msadox.dll
- 2004-05-23 12:00:00 537,088 -c--a-w C:\WINDOWS\system32\dllcache\msftedit.dll
+ 2006-11-27 14:54:06 539,136 -c--a-w C:\WINDOWS\system32\dllcache\msftedit.dll
- 2005-03-21 12:00:20 2,890,240 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
+ 2005-05-03 09:58:36 2,890,240 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
- 2004-05-23 12:00:00 102,400 -c--a-w C:\WINDOWS\system32\dllcache\msjro.dll
+ 2006-12-26 13:07:23 102,400 -c--a-w C:\WINDOWS\system32\dllcache\msjro.dll
- 2004-05-23 12:00:00 364,544 -c--a-w C:\WINDOWS\system32\dllcache\npdsplay.dll
+ 2005-11-29 13:27:06 364,544 -c--a-w C:\WINDOWS\system32\dllcache\npdsplay.dll
- 2004-05-23 12:00:00 58,880 -c--a-w C:\WINDOWS\system32\dllcache\nwapi32.dll
+ 2006-10-13 12:35:12 64,000 -c--a-w C:\WINDOWS\system32\dllcache\nwapi32.dll
- 2004-05-23 12:00:00 144,384 -c--a-w C:\WINDOWS\system32\dllcache\nwprovau.dll
+ 2006-10-13 12:35:12 142,336 -c--a-w C:\WINDOWS\system32\dllcache\nwprovau.dll
- 2004-05-23 12:00:00 163,584 -c--a-w C:\WINDOWS\system32\dllcache\nwrdr.sys
+ 2006-10-13 10:23:15 163,584 -c--a-w C:\WINDOWS\system32\dllcache\nwrdr.sys
- 2004-05-23 12:00:00 64,000 -c--a-w C:\WINDOWS\system32\dllcache\nwwks.dll
+ 2006-10-13 12:35:12 65,536 -c--a-w C:\WINDOWS\system32\dllcache\nwwks.dll
- 2004-05-23 12:00:00 1,281,536 -c--a-w C:\WINDOWS\system32\dllcache\ole32.dll
+ 2005-04-28 19:31:11 1,285,120 -c--a-w C:\WINDOWS\system32\dllcache\ole32.dll
- 2004-05-23 12:00:00 68,608 -c--a-w C:\WINDOWS\system32\dllcache\olecli32.dll
+ 2005-04-28 19:31:11 74,752 -c--a-w C:\WINDOWS\system32\dllcache\olecli32.dll
- 2004-05-23 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\olecnv32.dll
+ 2005-04-28 19:31:11 37,888 -c--a-w C:\WINDOWS\system32\dllcache\olecnv32.dll
- 2004-05-23 12:00:00 176,512 -c--a-w C:\WINDOWS\system32\dllcache\rdbss.sys
+ 2006-05-05 09:47:57 174,592 -c--a-w C:\WINDOWS\system32\dllcache\rdbss.sys
- 2004-05-23 12:00:00 431,616 -c--a-w C:\WINDOWS\system32\dllcache\riched20.dll
+ 2006-11-27 14:54:06 433,152 -c--a-w C:\WINDOWS\system32\dllcache\riched20.dll
- 2004-05-23 12:00:00 395,776 -c--a-w C:\WINDOWS\system32\dllcache\rpcss.dll
+ 2005-04-28 19:31:11 395,776 -c--a-w C:\WINDOWS\system32\dllcache\rpcss.dll
- 2004-05-23 12:00:00 8,384,000 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
- 2004-05-23 12:00:00 57,856 -c--a-w C:\WINDOWS\system32\dllcache\spoolsv.exe
+ 2005-06-10 23:53:32 57,856 -c--a-w C:\WINDOWS\system32\dllcache\spoolsv.exe
- 2004-05-23 12:00:00 246,302 -c--a-w C:\WINDOWS\system32\dllcache\strmdll.dll
+ 2006-08-21 06:52:08 246,814 -c--a-w C:\WINDOWS\system32\dllcache\strmdll.dll
- 2006-12-22 07:49:12 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-07-12 23:31:54 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2004-05-23 12:00:00 67,584 -c--a-w C:\WINDOWS\system32\dllcache\webclnt.dll
+ 2006-01-04 03:35:05 68,096 -c--a-w C:\WINDOWS\system32\dllcache\webclnt.dll
- 2006-10-18 18:47:18 222,208 -c--a-w C:\WINDOWS\system32\dllcache\WMASF.dll
+ 2007-10-27 14:40:30 222,720 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2004-05-23 12:00:00 430,592 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2007-07-30 16:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2004-05-23 12:00:00 111,104 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2007-07-30 16:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2004-05-23 12:00:00 1,134,592 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2007-07-30 16:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2004-05-23 12:00:00 112,640 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2007-07-30 16:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2004-05-23 12:00:00 36,864 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2007-07-30 16:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2004-05-23 12:00:00 120,320 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2007-07-30 16:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2008-07-19 14:32:15 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-07-19 14:37:42 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-01-17 17:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-07-19 14:37:21 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-07-19 14:33:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-07-19 14:35:18 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-07-19 14:32:36 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2007-08-09 00:39:56 36,056 ----a-w C:\WINDOWS\system32\drivers\CO_Mon.sys
+ 2008-07-30 14:42:12 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
+ 2008-04-17 10:12:54 15,464 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
- 2004-05-23 12:00:00 134,912 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
+ 2004-09-29 22:28:37 134,912 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
- 2004-05-23 12:00:00 451,456 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
+ 2006-05-05 09:41:45 453,120 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
- 2004-05-23 12:00:00 163,584 ----a-w C:\WINDOWS\system32\drivers\nwrdr.sys
+ 2006-10-13 10:23:15 163,584 ----a-w C:\WINDOWS\system32\drivers\nwrdr.sys
- 2004-05-23 12:00:00 176,512 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
+ 2006-05-05 09:47:57 174,592 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
+ 2008-02-01 01:51:16 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
+ 2008-02-01 01:51:16 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
+ 2008-02-01 01:51:16 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
+ 2008-02-05 19:34:43 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
+ 2008-02-05 19:34:43 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
+ 2008-02-05 19:34:43 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys
+ 2008-02-06 21:43:53 31,408 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys
+ 2008-02-05 19:34:43 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
+ 2008-02-05 19:34:43 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
+ 2008-02-05 19:34:43 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
+ 2008-02-05 19:34:43 188,464 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
+ 2008-04-17 10:12:54 107,368 -c--a-w C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
+ 2008-04-17 10:12:54 15,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
- 2004-05-23 12:00:00 498,205 ----a-w C:\WINDOWS\system32\dxmasf.dll
+ 2006-08-22 01:05:26 498,742 ----a-w C:\WINDOWS\system32\dxmasf.dll
- 2004-05-23 12:00:00 278,016 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2008-02-20 06:51:05 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2008-04-17 10:12:54 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
- 2004-05-23 12:00:00 77,850 ----a-w C:\WINDOWS\system32\hlink.dll
+ 2006-07-21 08:24:43 72,704 ----a-w C:\WINDOWS\system32\hlink.dll
- 2004-05-23 12:00:00 345,088 ----a-w C:\WINDOWS\system32\hypertrm.dll
+ 2004-11-17 17:41:24 347,136 ----a-w C:\WINDOWS\system32\hypertrm.dll
- 2004-05-23 12:00:00 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2004-10-28 01:21:01 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
- 2004-05-23 12:00:00 537,088 ----a-w C:\WINDOWS\system32\msftedit.dll
+ 2006-11-27 14:54:06 539,136 ----a-w C:\WINDOWS\system32\msftedit.dll
- 2005-03-21 12:00:20 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll
+ 2005-05-03 09:58:36 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll
- 2004-05-23 12:00:00 58,880 ----a-w C:\WINDOWS\system32\nwapi32.dll
+ 2006-10-13 12:35:12 64,000 ----a-w C:\WINDOWS\system32\nwapi32.dll
- 2004-05-23 12:00:00 144,384 ----a-w C:\WINDOWS\system32\nwprovau.dll
+ 2006-10-13 12:35:12 142,336 ----a-w C:\WINDOWS\system32\nwprovau.dll
- 2004-05-23 12:00:00 64,000 ----a-w C:\WINDOWS\system32\nwwks.dll
+ 2006-10-13 12:35:12 65,536 ----a-w C:\WINDOWS\system32\nwwks.dll
- 2004-05-23 12:00:00 1,281,536 ----a-w C:\WINDOWS\system32\ole32.dll
+ 2005-04-28 19:31:11 1,285,120 ----a-w C:\WINDOWS\system32\ole32.dll
- 2004-05-23 12:00:00 68,608 ----a-w C:\WINDOWS\system32\olecli32.dll
+ 2005-04-28 19:31:11 74,752 ----a-w C:\WINDOWS\system32\olecli32.dll
- 2004-05-23 12:00:00 34,304 ----a-w C:\WINDOWS\system32\olecnv32.dll
+ 2005-04-28 19:31:11 37,888 ----a-w C:\WINDOWS\system32\olecnv32.dll
- 2008-10-14 12:00:08 65,566 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-15 11:46:57 65,566 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-10-14 12:00:08 425,948 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-15 11:46:57 425,948 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2004-05-23 12:00:00 431,616 ----a-w C:\WINDOWS\system32\riched20.dll
+ 2006-11-27 14:54:06 433,152 ----a-w C:\WINDOWS\system32\riched20.dll
- 2004-05-23 12:00:00 395,776 ----a-w C:\WINDOWS\system32\rpcss.dll
+ 2005-04-28 19:31:11 395,776 ----a-w C:\WINDOWS\system32\rpcss.dll
- 2004-05-23 12:00:00 8,384,000 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-07-30 16:18:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
- 2006-10-16 13:10:58 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2004-05-23 12:00:00 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
+ 2005-06-10 23:53:32 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
- 2004-05-23 12:00:00 246,302 ----a-w C:\WINDOWS\system32\strmdll.dll
+ 2006-08-21 06:52:08 246,814 ----a-w C:\WINDOWS\system32\strmdll.dll
+ 2008-02-20 01:06:11 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll
+ 2008-02-20 01:06:11 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
+ 2006-03-17 00:38:01 28,672 ------w C:\WINDOWS\system32\verclsid.exe
- 2004-05-23 12:00:00 67,584 ----a-w C:\WINDOWS\system32\webclnt.dll
+ 2006-01-04 03:35:05 68,096 ----a-w C:\WINDOWS\system32\webclnt.dll
- 2006-10-18 18:47:18 222,208 ----a-w C:\WINDOWS\system32\WMASF.dll
+ 2007-10-27 14:40:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2004-05-23 12:00:00 430,592 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2007-07-30 16:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2004-05-23 12:00:00 111,104 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2007-07-30 16:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2004-05-23 12:00:00 1,134,592 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2007-07-30 16:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2004-05-23 12:00:00 112,640 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2007-07-30 16:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2004-05-23 12:00:00 36,864 ----a-w C:\WINDOWS\system32\wups.dll
+ 2007-07-30 16:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
+ 2007-07-30 16:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
- 2004-05-23 12:00:00 120,320 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2007-07-30 16:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2007-10-29 10:26:53 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-10-15 11:41:39 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_32c.dat
+ 2008-10-15 11:41:53 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_474.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
02/26/2008 11:34 AM 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
02/26/2008 11:34 AM 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
02/26/2008 11:34 AM 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [05/23/2004 03:00 PM 15360]
"IDMan"="C:\Program Files\anoooos\Internet Download Manager\IDMan.exe" [09/01/2008 07:04 PM 2606512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/19/2008 05:38 PM 78008]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/18/2008 10:37 PM 51048]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Suitcase Startup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Suitcase Startup.lnk
backup=C:\WINDOWS\pss\Suitcase Startup.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\USER\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^Start Menu^Programs^Startup^Orbit.lnk]
path=C:\Documents and Settings\USER\Start Menu\Programs\Startup\Orbit.lnk
backup=C:\WINDOWS\pss\Orbit.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 06/23/2006 08:00 PM 3394048 C:\Program Files\BitComet\BitComet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
--a------ 03/17/2007 04:10 AM 1392640 C:\WINDOWS\system32\WLTRAY.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 02/18/2008 10:37 PM 51048 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 05/23/2004 03:00 PM 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 10/27/2006 12:47 AM 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 09/01/2008 07:04 PM 2606512 C:\Program Files\anoooos\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
-ra------ 12/14/2005 03:41 AM 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
-ra------ 12/14/2005 03:45 AM 118784 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
-ra------ 12/14/2005 03:44 AM 98304 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 04/06/2004 08:36 PM 1298542 C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 01/19/2007 12:55 PM 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 07/09/2001 11:50 AM 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
--a------ 02/26/2008 05:50 PM 988512 C:\Program Files\Norton 360\osCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 06/18/2008 02:31 PM 1122816 C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dispatcher v2]
--a------ 11/10/2003 11:06 PM 385024 C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 12/08/2003 05:35 PM 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 09/11/2008 05:47 PM 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
-ra------ 03/25/2006 03:30 AM 282624 C:\WINDOWS\stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20826:TCP"= 20826:TCP:BitComet 20826 TCP
"20826:UDP"= 20826:UDP:BitComet 20826 UDP
R0 HFXP2;HFXP2;C:\WINDOWS\system32\DRIVERS\HFXP2.SYS [01/23/2007 12:26 AM 17264]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [07/19/2008 05:35 PM 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [07/19/2008 05:37 PM 20560]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [07/30/2008 05:42 PM 23888]
*Newly Created Service* - COMHOST
.
s of the 'Scheduled Tasks' folder
2008-09-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [04/11/2008 05:57 PM]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\q0v3bmwy.default\
FF -: plugin - C:\Program Files\JavaSoft\JRE\1.3.1_18\bin\NPJava11.dll
FF -: plugin - C:\Program Files\JavaSoft\JRE\1.3.1_18\bin\NPJava12.dll
FF -: plugin - C:\Program Files\JavaSoft\JRE\1.3.1_18\bin\NPJava131_18.dll
FF -: plugin - C:\Program Files\JavaSoft\JRE\1.3.1_18\bin\NPJava32.dll
FF -: plugin - C:\Program Files\JavaSoft\JRE\1.3.1_18\bin\NPOJI600.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPJava11.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPJava12.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPJava131_18.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPJava32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npoji600.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-10-15 16:23:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 10/15/2008 16:24:35
ComboFix-quarantined-files.txt 2008-10-15 13:24:16
ComboFix2.txt 2008-10-14 12:05:32
ComboFix3.txt 2008-10-14 10:44:50
ComboFix4.txt 2008-10-12 10:41:53
Pre-Run: 21,648,596,992 bytes free
Post-Run: 21,881,888,768 bytes free
669 --- E O F --- 2008-10-15 03:36:04

الغزااااال · 15 أكتوبر 2008

وهذااااااااااااااااا تقريرالهاك
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:26:07 م, on 15/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\anoooos\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\USER\Desktop\Zyzoom_HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\anoooos\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\anoooos\Internet Download Manager\IDMan.exe /onboot
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\anoooos\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\anoooos\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\anoooos\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 8031 bytes

الغزااااال · 15 أكتوبر 2008

الأستـــــــــــــاذ الكريم :::::::: Juve Guard
الأستـــــــــــــاذ الكريم :::::::: hesham77

أشكر لكم حسن تفاعلكم والله الكريم يحفظكم ويرعاكم

السّاجد لله · 15 أكتوبر 2008

جار التحليل

السّاجد لله · 15 أكتوبر 2008

حددي القيم التاليو واحذفيها

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dl

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)

طريقة الحذف

بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود

ثم نزل هذه الاداة واتبع الشرح التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

التوافق : ويندوز اكسبيفقط

شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )

وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))

ثم ادخل على ازالة البرامج واحذف اي تولبار لديك ثم تقرير جديد وكيف حالة الجهاز الان
[/B]

الغزااااال · 16 أكتوبر 2008

الأخ hesham77

تم تنفيذ ما طلبته
ولا زالات الأمر كما هو ...............

الغزااااال · 16 أكتوبر 2008

هذا التقرير الأول بعد الحذذذذذذذذذذذف

=============
ComboFix 08-10-15.01 - USER 10/16/2008 0:15:21.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.652 [GMT 3:00]
Running from: C:\Documents and Settings\USER\Desktop\New Folder\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-09-15 to 2008-10-15 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-15 21:16 --------- d-----w C:\Documents and Settings\USER\Application Data\DMCache
2008-10-15 21:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-15 21:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-15 21:00 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-15 20:54 --------- d-----w C:\Documents and Settings\USER\Application Data\CyberScrub
2008-10-15 20:54 --------- d-----w C:\Documents and Settings\USER\Application Data\cleaner
2008-10-15 14:17 --------- d-----w C:\Program Files\Common Files\xing shared
2008-10-15 14:16 --------- d-----w C:\Program Files\Common Files\Real
2008-10-15 14:15 --------- d-----w C:\Program Files\Google
2008-10-15 03:08 --------- d-----w C:\Program Files\Alwil Software
2008-10-14 21:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-14 20:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-14 13:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-14 12:42 --------- d-----w C:\Documents and Settings\USER\Application Data\Symantec
2008-10-14 10:36 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-10-12 21:31 --------- d-----w C:\Program Files\BitDefender
2008-10-12 15:03 --------- d-----w C:\Documents and Settings\USER\Application Data\IDM
2008-10-12 14:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-10-12 10:22 --------- d-----w C:\Documents and Settings\USER\Application Data\Ahead
2008-10-11 14:01 --------- d-----w C:\Documents and Settings\USER\Application Data\PC Suite
2008-10-10 21:30 --------- d-----w C:\Program Files\MSBuild
2008-10-10 21:27 --------- d-----w C:\Program Files\Reference Assemblies
2008-10-09 10:51 --------- d-----w C:\Documents and Settings\USER\Application Data\uTorrent
2008-10-08 11:30 --------- d-----w C:\Program Files\JLC's Software
2008-10-08 11:30 --------- d-----w C:\Documents and Settings\USER\Application Data\JLC's Software
2008-10-08 10:19 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-08 10:19 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-10-08 10:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-10-08 09:17 --------- d-----w C:\Documents and Settings\USER\Application Data\vlc
2008-10-08 08:40 --------- d-----w C:\Documents and Settings\USER\Application Data\Apple Computer
2008-10-08 07:00 --------- d-----w C:\Program Files\Orbitdownloader
2008-10-08 07:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-10-08 06:59 --------- d-----w C:\Program Files\uTorrent
2008-10-08 06:59 --------- d-----w C:\Program Files\BitComet
2008-10-08 06:58 --------- d-----w C:\Program Files\anoooos
2008-10-02 23:18 2,317,867 ----a-w C:\Program Files\Internet Download Manager_5.14.exe
2008-09-12 00:47 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-09-12 00:47 --------- d-----w C:\Program Files\ACD Systems
2008-09-12 00:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-09-12 00:43 --------- d-----w C:\Documents and Settings\USER\Application Data\ACD Systems
2008-09-12 00:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-11 23:21 --------- d-----w C:\Program Files\Safari
2008-09-11 23:20 --------- d-----w C:\Program Files\Bonjour
2008-09-11 23:20 --------- d-----w C:\Program Files\Apple Software Update
2008-09-11 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-09-11 16:40 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-09-11 16:40 --------- d-----w C:\Documents and Settings\USER\Application Data\URSoft
2008-09-11 16:39 --------- d-----w C:\Program Files\Yahoo!
2008-09-11 16:39 --------- d-----w C:\Program Files\CCleaner
2008-09-11 16:34 --------- d-----w C:\Program Files\Sony
2008-09-11 16:33 --------- d-----w C:\Program Files\Vstplugins
2008-09-11 16:32 --------- d-----w C:\Program Files\Sony Setup
2008-09-11 16:31 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-09-11 16:31 --------- d-----w C:\Program Files\Nokia
2008-09-11 16:31 --------- d-----w C:\Program Files\DIFX
2008-09-11 16:31 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-09-11 16:31 --------- d-----w C:\Program Files\Common Files\Nokia
2008-09-11 16:31 --------- d-----w C:\Documents and Settings\USER\Application Data\Nokia
2008-09-11 16:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-09-11 16:27 --------- d-----w C:\Documents and Settings\USER\Application Data\Orbit
2008-09-11 16:27 --------- d-----w C:\Documents and Settings\USER\Application Data\GrabPro
2008-09-11 16:26 47,104 ------w C:\WINDOWS\AKDeInstall.exe
2008-09-11 16:26 --------- d-----w C:\Program Files\VideoLAN
2008-09-11 16:26 --------- d-----w C:\Program Files\mpegable
2008-09-11 16:25 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-09-11 16:18 --------- d-----w C:\Program Files\Xilisoft
2008-09-11 16:17 --------- d-----w C:\Program Files\QuickTime
2008-09-11 16:13 --------- d-----w C:\Program Files\DFX
2008-09-11 16:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\DFX
2008-09-11 14:47 --------- d-----w C:\Program Files\Real
2008-09-11 14:43 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-09-11 14:43 --------- d-----w C:\Program Files\Common Files\Adobe
.
((((((((((((((((((((((((((((( snapshot_Wed 10-15-2008_16.23.55.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-15 11:46:57 65,566 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-15 21:13:01 65,566 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-10-15 11:46:57 425,948 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-15 21:13:01 425,948 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-09-11 14:47:22 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
+ 2008-10-15 14:15:43 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
- 2008-09-11 14:47:23 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
+ 2008-10-15 14:15:53 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
- 2008-09-11 14:47:23 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
+ 2008-10-15 14:15:53 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
- 2008-09-11 14:47:26 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll
+ 2008-10-15 14:16:36 185,920 ----a-w C:\WINDOWS\system32\rmoc3260.dll
+ 2008-10-15 21:08:40 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_7b0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [05/23/2004 03:00 PM 15360]
"IDMan"="C:\Program Files\anoooos\Internet Download Manager\IDMan.exe" [09/01/2008 07:04 PM 2606512]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [10/15/2008 05:15 PM 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/19/2008 05:38 PM 78008]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/15/2008 05:15 PM 185872]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Suitcase Startup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Suitcase Startup.lnk
backup=C:\WINDOWS\pss\Suitcase Startup.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\USER\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^Start Menu^Programs^Startup^Orbit.lnk]
path=C:\Documents and Settings\USER\Start Menu\Programs\Startup\Orbit.lnk
backup=C:\WINDOWS\pss\Orbit.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 06/23/2006 08:00 PM 3394048 C:\Program Files\BitComet\BitComet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
--a------ 03/17/2007 04:10 AM 1392640 C:\WINDOWS\system32\WLTRAY.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 05/23/2004 03:00 PM 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 10/27/2006 12:47 AM 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 09/01/2008 07:04 PM 2606512 C:\Program Files\anoooos\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
-ra------ 12/14/2005 03:41 AM 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
-ra------ 12/14/2005 03:45 AM 118784 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
-ra------ 12/14/2005 03:44 AM 98304 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 04/06/2004 08:36 PM 1298542 C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 01/19/2007 12:55 PM 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 07/09/2001 11:50 AM 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 06/18/2008 02:31 PM 1122816 C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dispatcher v2]
--a------ 11/10/2003 11:06 PM 385024 C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 12/08/2003 05:35 PM 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 10/15/2008 05:15 PM 185872 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
-ra------ 03/25/2006 03:30 AM 282624 C:\WINDOWS\stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20826:TCP"= 20826:TCP:BitComet 20826 TCP
"20826:UDP"= 20826:UDP:BitComet 20826 UDP
R0 HFXP2;HFXP2;C:\WINDOWS\system32\DRIVERS\HFXP2.SYS [01/23/2007 12:26 AM 17264]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [07/19/2008 05:35 PM 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [07/19/2008 05:37 PM 20560]
.
s of the 'Scheduled Tasks' folder
2008-09-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [04/11/2008 05:57 PM]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-osCheck - C:\Program Files\Norton 360\osCheck.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\q0v3bmwy.default\
FF -: plugin - C:\Program Files\JavaSoft\JRE\1.3.1_18\bin\NPJava11.dll
FF -: plugin - C:\Program Files\JavaSoft\JRE\1.3.1_18\bin\NPJava12.dll
FF -: plugin - C:\Program Files\JavaSoft\JRE\1.3.1_18\bin\NPJava131_18.dll
FF -: plugin - C:\Program Files\JavaSoft\JRE\1.3.1_18\bin\NPJava32.dll
FF -: plugin - C:\Program Files\JavaSoft\JRE\1.3.1_18\bin\NPOJI600.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPJava11.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPJava12.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPJava131_18.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPJava32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npoji600.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-10-16 00:16:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 10/16/2008 0:17:48
ComboFix-quarantined-files.txt 2008-10-15 21:17:40
ComboFix2.txt 2008-10-15 13:24:56
ComboFix3.txt 2008-10-14 12:05:32
ComboFix4.txt 2008-10-14 10:44:50
ComboFix5.txt 2008-10-15 21:14:44
Pre-Run: 22,355,300,352 bytes free
Post-Run: 22,357,098,496 bytes free
230 --- E O F --- 2008-10-15 03:36:04

=============

الغزااااال · 16 أكتوبر 2008

وهذا تقرير الهاك بعد الحذففففففففففف

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:24 ص, on 16/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\anoooos\Internet Download Manager\IDMan.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\USER\Desktop\New Folder\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\anoooos\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\anoooos\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\anoooos\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\anoooos\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\anoooos\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 6940 bytes

Juve Guard · 16 أكتوبر 2008

سوي فحص كامل لجهازك بالافاست

السّاجد لله · 16 أكتوبر 2008

بقيت هذه القيمة احذفها

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

ثم اعمل التالي

من ابدأ ختر run واكتب الامر التالي

msconfig

ثم اوكي

ستظهر شاشة التطبيق

system configuration utility

اعمل كما يلي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

ثم وافق على اعادة التغشيل

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

ثم نزل هذه الاداة

حمل اداة الكاسبر من الرابط التالي
بعدين أدخل من السيف مود
واتبع التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

بعد التحميل ،، دبل كلك وسيتم استخراج ملف الاداة الى مجلد بسطح المكتب لحظات وتبدأ الاداة بالعمل
تابع الشرح لفحص الجهاز وتنظيفه وارفاق التقرير

وأحفظ التقرير

الغزااااال · 16 أكتوبر 2008

أخي هشام طفشششششششششششت صح
ومن القهررررررررررررر قمت بفرمتت c #
ولا يزال الفايروس موجوووووووود في # D #
يبدو أنه مسنتر صح

فارس الملاك · 16 أكتوبر 2008

اعمل تقرير للهايجاك

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير اعمل تحديد الكل ==> انسخه والصقه بردك القادم

صدى الحرمان · 16 أكتوبر 2008

أخي الغالي

عليك ببرنامج النو 32

على الضمانه الشخضية

مجربة

Nod 32

بجيب لك الروابط الان

صدى الحرمان · 16 أكتوبر 2008

في البداية أحذف أي مكافح لان هذا المكافح لا يقبل أي شريك

ثانيا

عليك بهذا البرنامج و راح تنحل مشكلتك ان شاء الله

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

نرجو التبليغ

كي يستفيد الجميع

و لك جزيل الشكر و التقدير

الغزااااال · 17 أكتوبر 2008

الكريم صدى الحرمان شكر الله سعيك
نعم نزلن النووود 32 وسويت له تحدبق وطلع لي ثلاث فايروسات .... ولم يحذف إلا واحد فقط
ولا زال الأمر كما هو لم يتغير شئ ......

الغزااااال · 17 أكتوبر 2008

الأخ الكريم فارس الملاك

هذا تقرير بعد فرمتة الجهاز .....
وبعد تنزيل النوود32 .....

----------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:54 ص, on 17/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\anoooos\Internet Download Manager\IDMan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\anoooos\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\AAAAAAAANTTTTTTTTTTTTTT\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\anoooos\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\anoooos\Internet Download Manager\IDMan.exe /onboot
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\anoooos\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\anoooos\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\anoooos\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 7853 bytes

----------------------------------------------------------------------------------------------------------

البارون · 17 أكتوبر 2008

:y::y::y: الان بعد تحليل التقرير

احذف هالقيم

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)

واحذف اي tool bar موجود في جهازك (( من اضافة وازالة البرامج ))

ركب الكاسبر ولا الافيرا لانو واضح انو النود مش هاك الحماية على جهازك

استخدم هالاداة

جرب هنا

وعطنا تقرير هالاداة بعد

اداة SmitfraudFix

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وبعدين هنا

(.. شرح أداة ATF-Cleaner ..)
.
نقوم بتحميل الأداة من :
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

.

وهات تقرير الاداة مع تقرير هايجاك اللمتابع

زيزوومي نشيط

توقيع : الغزااااال

زيزوومى فضى

توقيع : السّاجد لله

خبراء زيزووم

توقيع : Juve GuardJuve Guard is verified member.

زيزوومي نشيط

توقيع : الغزااااال

زيزوومي نشيط

توقيع : الغزااااال

زيزوومي نشيط

توقيع : الغزااااال

زيزوومى فضى

توقيع : السّاجد لله

زيزوومى فضى

توقيع : السّاجد لله

زيزوومي نشيط

توقيع : الغزااااال

زيزوومي نشيط

توقيع : الغزااااال

زيزوومي نشيط

توقيع : الغزااااال

خبراء زيزووم

توقيع : Juve GuardJuve Guard is verified member.

زيزوومى فضى

توقيع : السّاجد لله

زيزوومي نشيط

توقيع : الغزااااال

زيزوومى محترف

توقيع : فارس الملاك

زيزوومي جديد

زيزوومي جديد

زيزوومي نشيط

توقيع : الغزااااال

زيزوومي نشيط

توقيع : الغزااااال

زيزوومى فضى

توقيع : البارون

توقيع : Juve Guard

توقيع : Juve Guard