- بادئ الموضوع a.t.f
- تاريخ البدء
- 2,024
ComboFix 09-07-02.02 - User 07/03/2009 21:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.2038.1431 [GMT 3:00]
Running from: c:\downloads\Software\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Avira Firewall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 )))))))))))))))))))))))))))))))
.
2009-07-03 17:11 . 2009-07-03 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-07-03 15:30 . 2009-07-03 18:29 -------- d-----w- c:\docume~1\User\APPLIC~1\Free Download Manager
2009-07-03 15:30 . 2009-07-03 15:30 -------- d-----w- c:\program files\Free Download Manager
2009-07-03 15:30 . 2009-07-03 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2009-07-03 14:23 . 2009-07-03 14:23 -------- d-----w- c:\documents and settings\tazebama.dl_
2009-07-02 19:14 . 2009-07-02 19:14 -------- d-----w- c:\docume~1\User\APPLIC~1\Avira
2009-07-02 16:50 . 2009-05-08 11:13 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-07-02 16:50 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-02 16:50 . 2009-02-24 10:06 69632 ----a-w- c:\windows\system32\drivers\avfwim.sys
2009-07-02 16:50 . 2009-02-13 09:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-02 16:50 . 2009-02-13 09:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-02 16:50 . 2009-07-02 16:50 -------- d-----w- c:\program files\Avira
2009-07-01 18:53 . 2009-07-01 18:54 -------- d-----w- c:\program files\Circle Developement
2009-07-01 18:50 . 2009-07-03 16:27 -------- d-----w- c:\documents and settings\User\Tracing
2009-07-01 18:46 . 2009-07-01 18:46 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-07-01 18:45 . 2009-07-01 18:45 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-07-01 18:45 . 2009-07-01 18:45 -------- d-----w- c:\program files\Microsoft
2009-07-01 18:44 . 2009-07-01 18:44 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-01 18:44 . 2009-07-01 18:49 -------- d-----w- c:\program files\Windows Live
2009-07-01 18:43 . 2009-07-01 18:43 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-30 17:01 . 2009-06-30 17:33 -------- d-----w- c:\program files\USB Disk Security
2009-06-30 15:48 . 2009-06-30 15:48 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Yahoo
2009-06-30 15:48 . 2009-06-30 15:48 262144 ----a-w- C:\ntuser.dat
2009-06-30 15:48 . 2009-07-01 23:07 -------- d-----w- c:\docume~1\User\APPLIC~1\Yahoo!
2009-06-30 15:47 . 2009-05-26 16:50 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-06-30 13:09 . 2009-06-30 22:17 -------- d-----w- c:\program files\AutorunRemover
2009-06-28 10:39 . 2009-06-28 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-06-27 13:54 . 2009-06-27 13:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\CyberScrub
2009-06-27 10:14 . 2009-06-27 10:14 -------- d-----w- c:\windows\system32\embedded
2009-06-27 10:14 . 2009-06-27 10:25 -------- d-----w- c:\program files\Spyware Doctor
2009-06-26 20:51 . 2007-05-10 07:23 270336 ----a-w- c:\windows\system32\stacapi.dll
2009-06-26 15:47 . 2009-06-26 15:58 -------- d-----w- c:\docume~1\User\APPLIC~1\GetRightToGo
2009-06-26 15:16 . 2009-06-27 19:56 -------- d-----w- c:\docume~1\User\APPLIC~1\CyberScrub
2009-06-26 15:16 . 2009-06-26 15:16 -------- d-----w- c:\docume~1\User\APPLIC~1\cleaner
2009-06-25 17:23 . 2009-06-25 17:23 -------- d-----w- c:\docume~1\User\APPLIC~1\Motive
2009-06-25 17:23 . 2009-06-25 17:25 -------- d-----w- c:\program files\Fahess_Activation
2009-06-25 17:22 . 2009-06-25 17:23 -------- d-----w- c:\program files\Common Files\Motive
2009-06-25 17:22 . 2009-06-25 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-06-24 17:59 . 2009-06-24 20:31 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-24 17:27 . 2009-06-24 17:27 -------- d-----w- c:\windows\system32\logs
2009-06-24 17:26 . 2009-06-24 20:32 -------- d-----w- c:\program files\BitDefender
2009-06-24 17:26 . 2009-06-24 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-06-24 17:25 . 2009-06-24 17:26 -------- d-----w- c:\windows\system32\URTTemp
2009-06-24 17:14 . 2009-06-24 20:32 -------- d-----w- c:\program files\Common Files\BitDefender
2009-06-21 20:35 . 2009-07-03 12:40 -------- d-----w- c:\docume~1\User\APPLIC~1\IDM
2009-06-17 17:59 . 2006-05-21 12:15 966144 ----a-w- c:\windows\system32\NCTAudioInformation2.dll
2009-06-17 17:59 . 2006-05-21 12:15 877568 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2009-06-17 17:59 . 2006-05-21 12:15 634880 ----a-w- c:\windows\system32\NCTAudioEditor2.dll
2009-06-17 17:59 . 2006-05-21 12:15 522752 ----a-w- c:\windows\system32\NCTAudioTransform2.dll
2009-06-17 17:59 . 2006-05-21 12:15 467968 ----a-w- c:\windows\system32\NCTAudioRecord2.dll
2009-06-17 17:59 . 2006-05-21 12:15 467456 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll
2009-06-17 17:59 . 2009-06-17 17:59 -------- d-----w- c:\docume~1\User\APPLIC~1\concept design
2009-06-17 16:07 . 2009-06-17 16:07 -------- d-----w- c:\program files\XeroBank
2009-06-14 17:49 . 2009-06-14 17:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-06-14 12:54 . 2009-06-14 12:54 -------- d-----w- c:\docume~1\User\APPLIC~1\gnupg
2009-06-13 19:59 . 2009-06-13 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2009-06-13 19:59 . 2009-06-13 16:47 24433136 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_ar.exe
2009-06-13 19:59 . 2009-06-13 19:59 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
2009-06-13 19:59 . 2009-06-13 19:59 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
2009-06-13 19:59 . 2009-06-13 19:59 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
2009-06-13 19:56 . 2009-06-13 19:56 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-13 19:56 . 2009-04-27 11:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-06-13 19:56 . 2009-06-13 19:56 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-13 19:56 . 2009-06-13 19:56 -------- d-----w- c:\docume~1\User\APPLIC~1\TuneUp Software
2009-06-13 19:56 . 2009-06-13 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-06-13 19:56 . 2009-06-13 19:56 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-13 19:54 . 2009-06-13 19:54 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-13 19:52 . 2009-06-13 19:52 -------- d-----w- c:\program files\janusware
2009-06-10 04:50 . 2009-06-27 14:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia
2009-06-10 04:50 . 2009-06-10 04:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2009-06-10 04:50 . 2009-06-10 04:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-06-06 19:40 . 2009-06-06 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\The Skins Factory
2009-06-06 19:40 . 2008-10-07 07:44 1277952 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\HyperdeskEngine.exe
2009-06-06 19:40 . 2008-06-25 06:55 888832 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxBaseV.dll
2009-06-06 19:40 . 2008-06-25 06:55 798720 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxXML2V.dll
2009-06-06 19:40 . 2008-06-25 06:55 786432 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxImV.dll
2009-06-06 19:40 . 2008-06-25 06:55 733184 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxJavaScriptV.dll
2009-06-06 19:40 . 2008-06-25 06:55 528384 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxProcV.dll
2009-06-06 19:40 . 2008-06-25 06:55 458752 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxFFV.dll
2009-06-06 19:40 . 2008-06-25 06:55 2105344 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxCmpV.dll
2009-06-06 19:40 . 2008-06-25 06:55 159744 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxZipV.dll
2009-06-06 19:40 . 2008-06-25 06:55 1421312 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxCommonV.dll
2009-06-06 19:39 . 2009-06-06 19:39 -------- d-----w- c:\docume~1\User\APPLIC~1\Skinux
2009-06-06 19:36 . 2009-06-06 19:36 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Downloaded Installations
2009-06-05 13:33 . 2009-06-05 13:39 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Hotspot_Shield
2009-06-05 11:23 . 2008-04-13 14:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-06-05 11:23 . 2008-04-13 14:15 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2009-06-05 11:23 . 2008-03-21 10:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-06-04 21:32 . 2009-06-04 21:34 -------- d-----w- c:\program files\VistaDrives
2009-06-04 21:21 . 2009-06-04 21:21 18599936 ----a-w- c:\windows\system32\videoencode.dll
2009-06-04 21:21 . 2009-06-04 21:21 90112 ----a-w- c:\windows\system32\ssvideo.dll
2009-06-04 21:21 . 2009-06-04 21:21 1128128 ----a-w- c:\windows\system32\NMSDVDXU.dll
2009-06-04 21:21 . 2009-06-30 11:29 778240 ----a-w- c:\windows\system32\ALOAudioCompress2.dll
2009-06-04 21:21 . 2009-06-04 21:21 18595840 ----a-w- c:\windows\system32\coredata.dll
2009-06-04 21:21 . 2006-07-28 22:22 51712 ----a-w- c:\windows\system32\coodest.dll
2009-06-04 21:21 . 2003-08-07 12:01 237568 ----a-w- c:\windows\system32\lame_enc.dll
2009-06-04 21:21 . 2005-05-19 00:17 40960 ----a-w- c:\windows\system32\osenxpsuite2005.dll
2009-06-04 21:20 . 2009-06-04 21:20 -------- d-----w- c:\program files\Ozone
2009-06-04 16:18 . 2009-06-30 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 15:28 . 2009-05-16 09:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-03 12:39 . 2009-05-09 16:47 -------- d-----w- c:\docume~1\User\APPLIC~1\DMCache
2009-07-02 23:09 . 2009-05-08 19:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-02 21:39 . 2009-05-10 20:23 -------- d-----w- c:\program files\CCleaner
2009-07-02 18:33 . 2009-05-11 20:47 -------- d-----w- c:\program files\LtUcx
2009-07-02 16:50 . 2009-05-09 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-02 16:36 . 2009-05-27 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-01 23:17 . 2009-05-09 16:54 -------- d-----w- c:\docume~1\User\APPLIC~1\Skype
2009-07-01 23:07 . 2009-05-10 20:23 -------- d-----w- c:\program files\Yahoo!
2009-07-01 23:03 . 2009-07-01 22:59 -------- d-----w- c:\program files\DivX
2009-07-01 22:59 . 2009-07-01 22:59 -------- d-----w- c:\docume~1\User\APPLIC~1\DivX
2009-07-01 18:53 . 2009-05-09 06:34 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-01 18:31 . 2009-05-10 20:21 -------- d-----w- c:\program files\BitComet
2009-07-01 16:52 . 2009-07-01 16:52 2678 ----a-w- c:\windows\java\Packages\Data\BVRFTNPR.DAT
2009-07-01 16:51 . 2009-07-01 16:51 2678 ----a-w- c:\windows\java\Packages\Data\QNTZVVFP.DAT
2009-07-01 16:51 . 2009-07-01 16:51 2678 ----a-w- c:\windows\java\Packages\Data\HZRDBHBV.DAT
2009-07-01 16:51 . 2009-07-01 16:51 2678 ----a-w- c:\windows\java\Packages\Data\6TBXR9RH.DAT
2009-07-01 16:51 . 2009-07-01 16:51 2678 ----a-w- c:\windows\java\Packages\Data\TFLVXV9Z.DAT
2009-06-26 22:10 . 2009-05-08 19:00 101184 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-26 16:08 . 2009-05-16 05:30 -------- d-----w- c:\program files\مجموعة أفلام
2009-06-26 11:42 . 2009-05-28 16:41 -------- d-----w- c:\program files\UlisesSoft
2009-06-15 23:49 . 2009-05-10 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-13 20:16 . 2009-05-11 15:46 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-13 20:16 . 2009-05-09 18:37 -------- d-----w- c:\program files\Nokia
2009-06-13 19:59 . 2009-05-09 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-06-06 18:59 . 2009-05-09 06:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-05 11:23 . 2009-06-05 11:23 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-06-05 11:23 . 2009-06-05 11:23 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-06-03 21:52 . 2009-05-09 16:34 -------- d-----w- c:\program files\معالج الصور
2009-06-02 19:19 . 2009-06-02 19:17 -------- d-----w- c:\program files\Flash Slideshow Maker Professional
2009-06-02 19:14 . 2009-06-02 19:09 -------- d-----w- c:\program files\computer4u
2009-06-02 19:00 . 2009-02-01 09:10 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-06-02 18:48 . 2009-05-28 20:36 -------- d-----w- c:\program files\KoolMoves Demo
2009-06-02 18:36 . 2009-06-02 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Laconic Software
2009-06-02 18:35 . 2009-06-02 18:35 -------- d-----w- c:\program files\Free Fire Screensaver
2009-05-31 19:51 . 2009-05-31 19:38 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-05-31 19:46 . 2009-05-31 19:38 -------- d-----w- c:\program files\Mgutil
2009-05-31 19:38 . 2009-05-31 19:38 -------- d-----w- c:\docume~1\User\APPLIC~1\URSoft
2009-05-30 20:54 . 2009-05-30 20:54 -------- d-----w- c:\program files\Hide Folders 2009
2009-05-30 19:00 . 2009-05-30 19:00 -------- d-----w- c:\program files\SigmaTel
2009-05-30 19:00 . 2009-05-08 19:19 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-29 20:35 . 2009-05-29 20:05 -------- d-----w- c:\program files\InTouchLock
2009-05-29 20:19 . 2009-05-21 22:22 -------- d-----w- c:\program files\Paltalk Messenger
2009-05-29 20:16 . 2009-05-29 20:00 -------- d-----w- c:\docume~1\User\APPLIC~1\uTorrent
2009-05-28 16:40 . 2009-05-28 16:40 -------- d-----w- c:\docume~1\User\APPLIC~1\ESET
2009-05-28 16:40 . 2009-05-28 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-05-28 13:37 . 2009-05-28 13:37 -------- d-----w- c:\program files\microsoft frontpage
2009-05-28 13:24 . 2009-05-28 13:24 -------- d-----w- c:\docume~1\User\APPLIC~1\PC Tools
2009-05-26 19:41 . 2009-05-09 17:00 -------- d-----w- c:\docume~1\User\APPLIC~1\skypePM
2009-05-24 20:30 . 2009-05-08 18:54 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-24 17:05 . 2009-05-24 17:05 -------- d-----w- c:\program files\Conduit
2009-05-22 14:33 . 2009-05-09 18:37 -------- d-----w- c:\docume~1\User\APPLIC~1\Nokia
2009-05-18 20:11 . 2009-05-18 20:09 -------- d-----w- c:\docume~1\User\APPLIC~1\DeskSoft
2009-05-16 18:46 . 2009-05-16 18:46 1172 ----a-w- c:\windows\mozver.dat
2009-05-16 18:07 . 2009-05-16 18:07 0 ----a-w- c:\windows\nsreg.dat
2009-05-16 16:19 . 2009-05-16 16:19 -------- d-----w- c:\program files\Ask Search Assistant
2009-05-15 12:26 . 2009-05-15 12:26 -------- d-----w- c:\docume~1\User\APPLIC~1\Avant Profiles
2009-05-13 19:01 . 2009-05-09 16:53 -------- d-----w- c:\program files\Google
2009-05-11 15:46 . 2009-05-11 15:46 -------- d-----w- c:\program files\Common Files\PCSuite
2009-05-11 15:46 . 2009-05-11 15:46 -------- d-----w- c:\program files\PC Connectivity Solution
2009-05-11 15:45 . 2009-05-11 15:45 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-11 15:45 . 2009-05-11 15:45 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-11 15:45 . 2009-05-11 15:45 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-11 15:44 . 2009-05-11 15:45 34649904 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_ara.exe
2009-05-10 20:24 . 2009-05-10 20:24 -------- d-----w- c:\program files\Microsoft Works
2009-05-10 20:24 . 2009-05-10 20:24 -------- d-----w- c:\program files\MSBuild
2009-05-10 20:20 . 2009-05-09 21:12 57344 ----a-w- c:\windows\system32\IMSInfo.dll
2009-05-09 21:10 . 2009-05-09 16:35 -------- d-----w- c:\docume~1\User\APPLIC~1\Media Player Classic
2009-05-09 18:39 . 2009-05-09 18:37 -------- d-----w- c:\docume~1\User\APPLIC~1\PC Suite
2009-05-09 18:39 . 2009-05-09 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-05-09 18:36 . 2009-05-09 18:36 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-09 18:36 . 2009-05-09 18:36 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-09 18:36 . 2009-05-09 18:36 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-09 17:00 . 2009-05-09 17:00 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-09 16:52 . 2009-05-09 16:52 -------- d-----w- c:\program files\Common Files\Skype
2009-05-09 16:52 . 2009-05-09 16:52 -------- d-----r- c:\program files\Skype
2009-05-09 16:52 . 2009-05-09 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-05-09 16:35 . 2009-05-09 16:35 -------- d-----w- c:\docume~1\User\APPLIC~1\Windows Search
2009-05-09 16:35 . 2009-05-09 16:35 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-09 16:35 . 2009-05-09 06:42 -------- d-----w- c:\program files\Common Files\Real
2009-05-09 06:46 . 2009-05-09 06:46 -------- d-----w- c:\program files\Alwil Software
2009-05-09 06:42 . 2009-05-09 06:42 -------- d-----w- c:\program files\Real
2009-05-09 06:41 . 2009-05-09 06:41 -------- d-----w- c:\program files\Ahead
2009-05-09 06:41 . 2009-05-09 06:41 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-09 06:35 . 2009-05-09 06:35 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-05-09 06:35 . 2009-05-09 06:35 172032 ------w- c:\windows\Setup1.exe
2009-05-09 06:35 . 2009-05-09 06:35 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-09 06:33 . 2009-05-09 06:33 -------- d-----w- c:\docume~1\User\APPLIC~1\vlc
2009-05-09 06:31 . 2009-05-09 06:31 -------- d-----w- c:\program files\VideoLAN
2009-05-09 06:31 . 2009-05-09 06:31 2232 ----a-w- c:\windows\java\Packages\Data\5Z1FRX7F.DAT
2009-05-09 06:31 . 2009-05-09 06:31 155995 ----a-w- c:\windows\java\Packages\IADZ3NPB.ZIP
2009-05-08 19:25 . 2009-05-08 19:25 -------- d-----w- c:\program files\DIFX
2009-05-08 19:24 . 2009-05-08 19:24 -------- d-----w- c:\program files\Intel
2009-05-08 19:22 . 2009-05-08 19:22 -------- d-----w- c:\program files\WIDCOMM
2009-05-08 19:21 . 2009-05-08 19:21 -------- d-----w- c:\program files\CONEXANT
2009-05-08 19:03 . 2009-05-08 18:55 166455 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-08 19:00 . 2009-05-08 19:00 -------- d-----w- c:\docume~1\User\APPLIC~1\Windows Desktop Search
2009-05-08 18:57 . 2009-05-08 18:57 -------- d-----w- c:\program files\Alky for Applications
2009-05-08 18:52 . 2009-05-08 18:52 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-08 18:51 . 2009-05-08 18:51 -------- d-----w- c:\program files\Windows Desktop Search
2009-03-05 15:08 . 2009-06-24 17:29 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2006-02-18 1992928]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Vistadrv"="c:\program files\VistaDrives\vsdrv.exe" [2006-07-30 121089]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2006-02-18 1992928]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-01 124928]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Hyperdesk_uninst0.lnk - c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\HyperdeskEngine.exe [2009-6-6 1277952]
c:\documents and settings\User\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2009-5-8 128000]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-02-01 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16417:TCP"= 16417:TCP:BitComet 16417 TCP
"16417:UDP"= 16417:UDP:BitComet 16417 UDP
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [30/05/2009 11:54 م 43792]
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [02/07/2009 07:50 م 97608]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [02/07/2009 07:50 م 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [02/07/2009 07:50 م 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [02/07/2009 07:50 م 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [02/07/2009 07:50 م 434945]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [30/05/2009 11:54 م 73392]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [13/06/2009 10:56 م 604416]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [02/07/2009 07:50 م 69632]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [08/05/2009 10:35 م 105984]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\windows\TEMP\drv1.tmp --> c:\windows\TEMP\drv1.tmp [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-07-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 12:37]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free Download Manager تحميل الفيديو بواسطة -
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل المحددة بفري داونلود مانيجر -
IE: تنزيل الكل بفري داونلود مانيجر -
IE: تنزيل بفري داونلود مانيجر -
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
DPF: Microsoft XML Parser for Java -
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://voice34.digivoice.net/ReadUid.CAB
DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://76.76.19.33/imscp/talks3n.cab
FF - ProfilePath - c:\docume~1\User\APPLIC~1\Mozilla\Firefox\Profiles\qgl0txdl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://google.atcomet.com/b/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
.
------- File Associations -------
.
txtfile=NOTEPAD %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-07-03 21:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\docume~1\User\LOCALS~1\Temp\Perflib_Perfdata_2c4.dat 16384 bytes
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\User\LOCALS~1\Temp\mc21.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2d764796-7d9b-4efb-945b-e8e971ed40e6}]
@Denied: (Full) (Everyone)
"Model"=dword:000000a7
"Therad"=dword:00000028
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):4e,09,42,27,2a,c7,41,75,4e,ab,9a,7d,ca,57,08,bc,1f,3e,70,1e,60,
fc,69,80,f4,c0,33,6f,ae,f8,d9,ac,4a,20,2e,5d,05,aa,84,4b,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1540)
c:\program files\Spyware Doctor\Tools\swpg.dat
c:\windows\system32\igfxdev.dll
- - - - - - - > 'lsass.exe'(1596)
c:\program files\Avira\AntiVir Desktop\avsda.dll
c:\program files\Spyware Doctor\Tools\swpg.dat
- - - - - - - > 'explorer.exe'(324)
c:\program files\Spyware Doctor\Tools\swpg.dat
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
- - - - - - - > 'csrss.exe'(1516)
c:\program files\Spyware Doctor\Tools\swpg.dat
.
Completion time: 2009-07-03 21:32
ComboFix-quarantined-files.txt 2009-07-03 18:32
ComboFix2.txt 2009-07-03 18:24
Pre-Run: 184,651,403,264 bytes free
Post-Run: 184,641,294,336 bytes free
376
(هذا تقرير ComboFix)
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.2038.1431 [GMT 3:00]
Running from: c:\downloads\Software\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Avira Firewall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 )))))))))))))))))))))))))))))))
.
2009-07-03 17:11 . 2009-07-03 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-07-03 15:30 . 2009-07-03 18:29 -------- d-----w- c:\docume~1\User\APPLIC~1\Free Download Manager
2009-07-03 15:30 . 2009-07-03 15:30 -------- d-----w- c:\program files\Free Download Manager
2009-07-03 15:30 . 2009-07-03 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2009-07-03 14:23 . 2009-07-03 14:23 -------- d-----w- c:\documents and settings\tazebama.dl_
2009-07-02 19:14 . 2009-07-02 19:14 -------- d-----w- c:\docume~1\User\APPLIC~1\Avira
2009-07-02 16:50 . 2009-05-08 11:13 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-07-02 16:50 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-02 16:50 . 2009-02-24 10:06 69632 ----a-w- c:\windows\system32\drivers\avfwim.sys
2009-07-02 16:50 . 2009-02-13 09:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-02 16:50 . 2009-02-13 09:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-02 16:50 . 2009-07-02 16:50 -------- d-----w- c:\program files\Avira
2009-07-01 18:53 . 2009-07-01 18:54 -------- d-----w- c:\program files\Circle Developement
2009-07-01 18:50 . 2009-07-03 16:27 -------- d-----w- c:\documents and settings\User\Tracing
2009-07-01 18:46 . 2009-07-01 18:46 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-07-01 18:45 . 2009-07-01 18:45 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-07-01 18:45 . 2009-07-01 18:45 -------- d-----w- c:\program files\Microsoft
2009-07-01 18:44 . 2009-07-01 18:44 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-01 18:44 . 2009-07-01 18:49 -------- d-----w- c:\program files\Windows Live
2009-07-01 18:43 . 2009-07-01 18:43 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-30 17:01 . 2009-06-30 17:33 -------- d-----w- c:\program files\USB Disk Security
2009-06-30 15:48 . 2009-06-30 15:48 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Yahoo
2009-06-30 15:48 . 2009-06-30 15:48 262144 ----a-w- C:\ntuser.dat
2009-06-30 15:48 . 2009-07-01 23:07 -------- d-----w- c:\docume~1\User\APPLIC~1\Yahoo!
2009-06-30 15:47 . 2009-05-26 16:50 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-06-30 13:09 . 2009-06-30 22:17 -------- d-----w- c:\program files\AutorunRemover
2009-06-28 10:39 . 2009-06-28 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-06-27 13:54 . 2009-06-27 13:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\CyberScrub
2009-06-27 10:14 . 2009-06-27 10:14 -------- d-----w- c:\windows\system32\embedded
2009-06-27 10:14 . 2009-06-27 10:25 -------- d-----w- c:\program files\Spyware Doctor
2009-06-26 20:51 . 2007-05-10 07:23 270336 ----a-w- c:\windows\system32\stacapi.dll
2009-06-26 15:47 . 2009-06-26 15:58 -------- d-----w- c:\docume~1\User\APPLIC~1\GetRightToGo
2009-06-26 15:16 . 2009-06-27 19:56 -------- d-----w- c:\docume~1\User\APPLIC~1\CyberScrub
2009-06-26 15:16 . 2009-06-26 15:16 -------- d-----w- c:\docume~1\User\APPLIC~1\cleaner
2009-06-25 17:23 . 2009-06-25 17:23 -------- d-----w- c:\docume~1\User\APPLIC~1\Motive
2009-06-25 17:23 . 2009-06-25 17:25 -------- d-----w- c:\program files\Fahess_Activation
2009-06-25 17:22 . 2009-06-25 17:23 -------- d-----w- c:\program files\Common Files\Motive
2009-06-25 17:22 . 2009-06-25 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-06-24 17:59 . 2009-06-24 20:31 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-24 17:27 . 2009-06-24 17:27 -------- d-----w- c:\windows\system32\logs
2009-06-24 17:26 . 2009-06-24 20:32 -------- d-----w- c:\program files\BitDefender
2009-06-24 17:26 . 2009-06-24 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-06-24 17:25 . 2009-06-24 17:26 -------- d-----w- c:\windows\system32\URTTemp
2009-06-24 17:14 . 2009-06-24 20:32 -------- d-----w- c:\program files\Common Files\BitDefender
2009-06-21 20:35 . 2009-07-03 12:40 -------- d-----w- c:\docume~1\User\APPLIC~1\IDM
2009-06-17 17:59 . 2006-05-21 12:15 966144 ----a-w- c:\windows\system32\NCTAudioInformation2.dll
2009-06-17 17:59 . 2006-05-21 12:15 877568 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2009-06-17 17:59 . 2006-05-21 12:15 634880 ----a-w- c:\windows\system32\NCTAudioEditor2.dll
2009-06-17 17:59 . 2006-05-21 12:15 522752 ----a-w- c:\windows\system32\NCTAudioTransform2.dll
2009-06-17 17:59 . 2006-05-21 12:15 467968 ----a-w- c:\windows\system32\NCTAudioRecord2.dll
2009-06-17 17:59 . 2006-05-21 12:15 467456 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll
2009-06-17 17:59 . 2009-06-17 17:59 -------- d-----w- c:\docume~1\User\APPLIC~1\concept design
2009-06-17 16:07 . 2009-06-17 16:07 -------- d-----w- c:\program files\XeroBank
2009-06-14 17:49 . 2009-06-14 17:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-06-14 12:54 . 2009-06-14 12:54 -------- d-----w- c:\docume~1\User\APPLIC~1\gnupg
2009-06-13 19:59 . 2009-06-13 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2009-06-13 19:59 . 2009-06-13 16:47 24433136 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_ar.exe
2009-06-13 19:59 . 2009-06-13 19:59 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
2009-06-13 19:59 . 2009-06-13 19:59 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
2009-06-13 19:59 . 2009-06-13 19:59 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
2009-06-13 19:56 . 2009-06-13 19:56 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-13 19:56 . 2009-04-27 11:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-06-13 19:56 . 2009-06-13 19:56 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-13 19:56 . 2009-06-13 19:56 -------- d-----w- c:\docume~1\User\APPLIC~1\TuneUp Software
2009-06-13 19:56 . 2009-06-13 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-06-13 19:56 . 2009-06-13 19:56 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-13 19:54 . 2009-06-13 19:54 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-13 19:52 . 2009-06-13 19:52 -------- d-----w- c:\program files\janusware
2009-06-10 04:50 . 2009-06-27 14:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia
2009-06-10 04:50 . 2009-06-10 04:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2009-06-10 04:50 . 2009-06-10 04:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-06-06 19:40 . 2009-06-06 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\The Skins Factory
2009-06-06 19:40 . 2008-10-07 07:44 1277952 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\HyperdeskEngine.exe
2009-06-06 19:40 . 2008-06-25 06:55 888832 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxBaseV.dll
2009-06-06 19:40 . 2008-06-25 06:55 798720 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxXML2V.dll
2009-06-06 19:40 . 2008-06-25 06:55 786432 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxImV.dll
2009-06-06 19:40 . 2008-06-25 06:55 733184 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxJavaScriptV.dll
2009-06-06 19:40 . 2008-06-25 06:55 528384 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxProcV.dll
2009-06-06 19:40 . 2008-06-25 06:55 458752 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxFFV.dll
2009-06-06 19:40 . 2008-06-25 06:55 2105344 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxCmpV.dll
2009-06-06 19:40 . 2008-06-25 06:55 159744 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxZipV.dll
2009-06-06 19:40 . 2008-06-25 06:55 1421312 ----a-w- c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\SkinuxCommonV.dll
2009-06-06 19:39 . 2009-06-06 19:39 -------- d-----w- c:\docume~1\User\APPLIC~1\Skinux
2009-06-06 19:36 . 2009-06-06 19:36 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Downloaded Installations
2009-06-05 13:33 . 2009-06-05 13:39 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Hotspot_Shield
2009-06-05 11:23 . 2008-04-13 14:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-06-05 11:23 . 2008-04-13 14:15 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2009-06-05 11:23 . 2008-03-21 10:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-06-04 21:32 . 2009-06-04 21:34 -------- d-----w- c:\program files\VistaDrives
2009-06-04 21:21 . 2009-06-04 21:21 18599936 ----a-w- c:\windows\system32\videoencode.dll
2009-06-04 21:21 . 2009-06-04 21:21 90112 ----a-w- c:\windows\system32\ssvideo.dll
2009-06-04 21:21 . 2009-06-04 21:21 1128128 ----a-w- c:\windows\system32\NMSDVDXU.dll
2009-06-04 21:21 . 2009-06-30 11:29 778240 ----a-w- c:\windows\system32\ALOAudioCompress2.dll
2009-06-04 21:21 . 2009-06-04 21:21 18595840 ----a-w- c:\windows\system32\coredata.dll
2009-06-04 21:21 . 2006-07-28 22:22 51712 ----a-w- c:\windows\system32\coodest.dll
2009-06-04 21:21 . 2003-08-07 12:01 237568 ----a-w- c:\windows\system32\lame_enc.dll
2009-06-04 21:21 . 2005-05-19 00:17 40960 ----a-w- c:\windows\system32\osenxpsuite2005.dll
2009-06-04 21:20 . 2009-06-04 21:20 -------- d-----w- c:\program files\Ozone
2009-06-04 16:18 . 2009-06-30 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 15:28 . 2009-05-16 09:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-03 12:39 . 2009-05-09 16:47 -------- d-----w- c:\docume~1\User\APPLIC~1\DMCache
2009-07-02 23:09 . 2009-05-08 19:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-02 21:39 . 2009-05-10 20:23 -------- d-----w- c:\program files\CCleaner
2009-07-02 18:33 . 2009-05-11 20:47 -------- d-----w- c:\program files\LtUcx
2009-07-02 16:50 . 2009-05-09 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-02 16:36 . 2009-05-27 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-01 23:17 . 2009-05-09 16:54 -------- d-----w- c:\docume~1\User\APPLIC~1\Skype
2009-07-01 23:07 . 2009-05-10 20:23 -------- d-----w- c:\program files\Yahoo!
2009-07-01 23:03 . 2009-07-01 22:59 -------- d-----w- c:\program files\DivX
2009-07-01 22:59 . 2009-07-01 22:59 -------- d-----w- c:\docume~1\User\APPLIC~1\DivX
2009-07-01 18:53 . 2009-05-09 06:34 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-01 18:31 . 2009-05-10 20:21 -------- d-----w- c:\program files\BitComet
2009-07-01 16:52 . 2009-07-01 16:52 2678 ----a-w- c:\windows\java\Packages\Data\BVRFTNPR.DAT
2009-07-01 16:51 . 2009-07-01 16:51 2678 ----a-w- c:\windows\java\Packages\Data\QNTZVVFP.DAT
2009-07-01 16:51 . 2009-07-01 16:51 2678 ----a-w- c:\windows\java\Packages\Data\HZRDBHBV.DAT
2009-07-01 16:51 . 2009-07-01 16:51 2678 ----a-w- c:\windows\java\Packages\Data\6TBXR9RH.DAT
2009-07-01 16:51 . 2009-07-01 16:51 2678 ----a-w- c:\windows\java\Packages\Data\TFLVXV9Z.DAT
2009-06-26 22:10 . 2009-05-08 19:00 101184 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-26 16:08 . 2009-05-16 05:30 -------- d-----w- c:\program files\مجموعة أفلام
2009-06-26 11:42 . 2009-05-28 16:41 -------- d-----w- c:\program files\UlisesSoft
2009-06-15 23:49 . 2009-05-10 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-13 20:16 . 2009-05-11 15:46 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-13 20:16 . 2009-05-09 18:37 -------- d-----w- c:\program files\Nokia
2009-06-13 19:59 . 2009-05-09 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-06-06 18:59 . 2009-05-09 06:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-05 11:23 . 2009-06-05 11:23 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-06-05 11:23 . 2009-06-05 11:23 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-06-03 21:52 . 2009-05-09 16:34 -------- d-----w- c:\program files\معالج الصور
2009-06-02 19:19 . 2009-06-02 19:17 -------- d-----w- c:\program files\Flash Slideshow Maker Professional
2009-06-02 19:14 . 2009-06-02 19:09 -------- d-----w- c:\program files\computer4u
2009-06-02 19:00 . 2009-02-01 09:10 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-06-02 18:48 . 2009-05-28 20:36 -------- d-----w- c:\program files\KoolMoves Demo
2009-06-02 18:36 . 2009-06-02 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Laconic Software
2009-06-02 18:35 . 2009-06-02 18:35 -------- d-----w- c:\program files\Free Fire Screensaver
2009-05-31 19:51 . 2009-05-31 19:38 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-05-31 19:46 . 2009-05-31 19:38 -------- d-----w- c:\program files\Mgutil
2009-05-31 19:38 . 2009-05-31 19:38 -------- d-----w- c:\docume~1\User\APPLIC~1\URSoft
2009-05-30 20:54 . 2009-05-30 20:54 -------- d-----w- c:\program files\Hide Folders 2009
2009-05-30 19:00 . 2009-05-30 19:00 -------- d-----w- c:\program files\SigmaTel
2009-05-30 19:00 . 2009-05-08 19:19 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-29 20:35 . 2009-05-29 20:05 -------- d-----w- c:\program files\InTouchLock
2009-05-29 20:19 . 2009-05-21 22:22 -------- d-----w- c:\program files\Paltalk Messenger
2009-05-29 20:16 . 2009-05-29 20:00 -------- d-----w- c:\docume~1\User\APPLIC~1\uTorrent
2009-05-28 16:40 . 2009-05-28 16:40 -------- d-----w- c:\docume~1\User\APPLIC~1\ESET
2009-05-28 16:40 . 2009-05-28 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-05-28 13:37 . 2009-05-28 13:37 -------- d-----w- c:\program files\microsoft frontpage
2009-05-28 13:24 . 2009-05-28 13:24 -------- d-----w- c:\docume~1\User\APPLIC~1\PC Tools
2009-05-26 19:41 . 2009-05-09 17:00 -------- d-----w- c:\docume~1\User\APPLIC~1\skypePM
2009-05-24 20:30 . 2009-05-08 18:54 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-24 17:05 . 2009-05-24 17:05 -------- d-----w- c:\program files\Conduit
2009-05-22 14:33 . 2009-05-09 18:37 -------- d-----w- c:\docume~1\User\APPLIC~1\Nokia
2009-05-18 20:11 . 2009-05-18 20:09 -------- d-----w- c:\docume~1\User\APPLIC~1\DeskSoft
2009-05-16 18:46 . 2009-05-16 18:46 1172 ----a-w- c:\windows\mozver.dat
2009-05-16 18:07 . 2009-05-16 18:07 0 ----a-w- c:\windows\nsreg.dat
2009-05-16 16:19 . 2009-05-16 16:19 -------- d-----w- c:\program files\Ask Search Assistant
2009-05-15 12:26 . 2009-05-15 12:26 -------- d-----w- c:\docume~1\User\APPLIC~1\Avant Profiles
2009-05-13 19:01 . 2009-05-09 16:53 -------- d-----w- c:\program files\Google
2009-05-11 15:46 . 2009-05-11 15:46 -------- d-----w- c:\program files\Common Files\PCSuite
2009-05-11 15:46 . 2009-05-11 15:46 -------- d-----w- c:\program files\PC Connectivity Solution
2009-05-11 15:45 . 2009-05-11 15:45 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-11 15:45 . 2009-05-11 15:45 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-11 15:45 . 2009-05-11 15:45 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-11 15:44 . 2009-05-11 15:45 34649904 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_ara.exe
2009-05-10 20:24 . 2009-05-10 20:24 -------- d-----w- c:\program files\Microsoft Works
2009-05-10 20:24 . 2009-05-10 20:24 -------- d-----w- c:\program files\MSBuild
2009-05-10 20:20 . 2009-05-09 21:12 57344 ----a-w- c:\windows\system32\IMSInfo.dll
2009-05-09 21:10 . 2009-05-09 16:35 -------- d-----w- c:\docume~1\User\APPLIC~1\Media Player Classic
2009-05-09 18:39 . 2009-05-09 18:37 -------- d-----w- c:\docume~1\User\APPLIC~1\PC Suite
2009-05-09 18:39 . 2009-05-09 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-05-09 18:36 . 2009-05-09 18:36 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-09 18:36 . 2009-05-09 18:36 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-09 18:36 . 2009-05-09 18:36 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-09 17:00 . 2009-05-09 17:00 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-09 16:52 . 2009-05-09 16:52 -------- d-----w- c:\program files\Common Files\Skype
2009-05-09 16:52 . 2009-05-09 16:52 -------- d-----r- c:\program files\Skype
2009-05-09 16:52 . 2009-05-09 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-05-09 16:35 . 2009-05-09 16:35 -------- d-----w- c:\docume~1\User\APPLIC~1\Windows Search
2009-05-09 16:35 . 2009-05-09 16:35 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-09 16:35 . 2009-05-09 06:42 -------- d-----w- c:\program files\Common Files\Real
2009-05-09 06:46 . 2009-05-09 06:46 -------- d-----w- c:\program files\Alwil Software
2009-05-09 06:42 . 2009-05-09 06:42 -------- d-----w- c:\program files\Real
2009-05-09 06:41 . 2009-05-09 06:41 -------- d-----w- c:\program files\Ahead
2009-05-09 06:41 . 2009-05-09 06:41 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-09 06:35 . 2009-05-09 06:35 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-05-09 06:35 . 2009-05-09 06:35 172032 ------w- c:\windows\Setup1.exe
2009-05-09 06:35 . 2009-05-09 06:35 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-09 06:33 . 2009-05-09 06:33 -------- d-----w- c:\docume~1\User\APPLIC~1\vlc
2009-05-09 06:31 . 2009-05-09 06:31 -------- d-----w- c:\program files\VideoLAN
2009-05-09 06:31 . 2009-05-09 06:31 2232 ----a-w- c:\windows\java\Packages\Data\5Z1FRX7F.DAT
2009-05-09 06:31 . 2009-05-09 06:31 155995 ----a-w- c:\windows\java\Packages\IADZ3NPB.ZIP
2009-05-08 19:25 . 2009-05-08 19:25 -------- d-----w- c:\program files\DIFX
2009-05-08 19:24 . 2009-05-08 19:24 -------- d-----w- c:\program files\Intel
2009-05-08 19:22 . 2009-05-08 19:22 -------- d-----w- c:\program files\WIDCOMM
2009-05-08 19:21 . 2009-05-08 19:21 -------- d-----w- c:\program files\CONEXANT
2009-05-08 19:03 . 2009-05-08 18:55 166455 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-08 19:00 . 2009-05-08 19:00 -------- d-----w- c:\docume~1\User\APPLIC~1\Windows Desktop Search
2009-05-08 18:57 . 2009-05-08 18:57 -------- d-----w- c:\program files\Alky for Applications
2009-05-08 18:52 . 2009-05-08 18:52 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-08 18:51 . 2009-05-08 18:51 -------- d-----w- c:\program files\Windows Desktop Search
2009-03-05 15:08 . 2009-06-24 17:29 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2006-02-18 1992928]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Vistadrv"="c:\program files\VistaDrives\vsdrv.exe" [2006-07-30 121089]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2006-02-18 1992928]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-01 124928]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Hyperdesk_uninst0.lnk - c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\HyperdeskEngine.exe [2009-6-6 1277952]
c:\documents and settings\User\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2009-5-8 128000]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-02-01 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16417:TCP"= 16417:TCP:BitComet 16417 TCP
"16417:UDP"= 16417:UDP:BitComet 16417 UDP
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [30/05/2009 11:54 م 43792]
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [02/07/2009 07:50 م 97608]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [02/07/2009 07:50 م 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [02/07/2009 07:50 م 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [02/07/2009 07:50 م 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [02/07/2009 07:50 م 434945]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [30/05/2009 11:54 م 73392]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [13/06/2009 10:56 م 604416]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [02/07/2009 07:50 م 69632]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [08/05/2009 10:35 م 105984]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\windows\TEMP\drv1.tmp --> c:\windows\TEMP\drv1.tmp [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-07-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 12:37]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free Download Manager تحميل الفيديو بواسطة -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
files\Free Download Manager\dlfvideo.htmIE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل المحددة بفري داونلود مانيجر -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
files\Free Download Manager\dlselected.htmIE: تنزيل الكل بفري داونلود مانيجر -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
files\Free Download Manager\dlall.htmIE: تنزيل بفري داونلود مانيجر -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
files\Free Download Manager\dllink.htmLSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
DPF: Microsoft XML Parser for Java -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://voice34.digivoice.net/ReadUid.CAB
DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://76.76.19.33/imscp/talks3n.cab
FF - ProfilePath - c:\docume~1\User\APPLIC~1\Mozilla\Firefox\Profiles\qgl0txdl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://google.atcomet.com/b/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
.
------- File Associations -------
.
txtfile=NOTEPAD %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-07-03 21:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\docume~1\User\LOCALS~1\Temp\Perflib_Perfdata_2c4.dat 16384 bytes
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\User\LOCALS~1\Temp\mc21.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2d764796-7d9b-4efb-945b-e8e971ed40e6}]
@Denied: (Full) (Everyone)
"Model"=dword:000000a7
"Therad"=dword:00000028
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):4e,09,42,27,2a,c7,41,75,4e,ab,9a,7d,ca,57,08,bc,1f,3e,70,1e,60,
fc,69,80,f4,c0,33,6f,ae,f8,d9,ac,4a,20,2e,5d,05,aa,84,4b,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1540)
c:\program files\Spyware Doctor\Tools\swpg.dat
c:\windows\system32\igfxdev.dll
- - - - - - - > 'lsass.exe'(1596)
c:\program files\Avira\AntiVir Desktop\avsda.dll
c:\program files\Spyware Doctor\Tools\swpg.dat
- - - - - - - > 'explorer.exe'(324)
c:\program files\Spyware Doctor\Tools\swpg.dat
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
- - - - - - - > 'csrss.exe'(1516)
c:\program files\Spyware Doctor\Tools\swpg.dat
.
Completion time: 2009-07-03 21:32
ComboFix-quarantined-files.txt 2009-07-03 18:32
ComboFix2.txt 2009-07-03 18:24
Pre-Run: 184,651,403,264 bytes free
Post-Run: 184,641,294,336 bytes free
376
(هذا تقرير ComboFix)
تأييد
0
البارون
زيزوومى فضى
- إنضم
- 1 مارس 2008
- المشاركات
- 13,588
- مستوى التفاعل
- 506
- النقاط
- 920
غير متصل
تقرير هايجاك
حمل هذا البرنامج
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
التعديل الأخير بواسطة المشرف:
توقيع : البارون
تأييد
0
- الحالة