فيروس غريب ينزل اغاني في الفلاش ميموري وغير قادر علي التخلص منه

ateeed · 10 يوليو 2009

السلام عليكم

منذ اسبوع نزلت تحديث لرسيفري ون كير علي الفلاش
التحديث لم يعمل
ولكن اكتشفت وجود ملفات اغاني اجنبيه وهنديه في الفلاش
مسحتهم سويت فورمات للفلاش وبعد شوي رجعوا الملفات من جديد
بما يعني ان الفايروس انتقل للكمبيوتر
عملت سكان بالاي في جي
وقال ان كل شيء سليم
الملفات لم تحدث اي ظرر ولكن كل ما امسحها تعود
هل يوجد برنامج متخصص قادر علي التخلص منها بشكل نهائي

MAAX · 12 يوليو 2009

الله يحييك اخوي
حمل هذا البرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم

وعذرا بنقله للقسم المناسب

ateeed · 13 يوليو 2009

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:09:36 AM, on 7/13/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Microsoft Office\Office14\SYNCPROC.EXE
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Logitech\Profiler\LWEMon.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Nokia\Nokia PC Suite 7\OneTouchAccess.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [GrooveMonitor] C:\PROGRA~1\MICROS~3\Office14\GROOVEMN.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\SYNCPROC.EXE
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{F25B3FCF-14CC-4307-9D7E-A32C523E5BC4}: NameServer = 212.72.1.186 212.72.23.4
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7640 bytes

ateeed · 13 يوليو 2009

مشكور

علمني كيف بتعرف وجود الفايروس ونوعه من خلال الريبورت؟؟؟

MAAX · 14 يوليو 2009

حمل هذا البرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

ثبته على الجهاز ،، ثم شغله واعمل كما الشرح التالي لفحص الجهاز وعمل تقرير

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وبعد انتهاء الفحص اعمل التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

انسخ ما بداخل التقرير والصقه بمشاركتك القادمة

ateeed · 14 يوليو 2009

بسوي كل شي تقوله
بس ضروري تعلمني تحليل التقارير انا اريد اتعلم

سعود الشامان · 14 يوليو 2009

ateeed قال:
بسوي كل شي تقوله
بس ضروري تعلمني تحليل التقارير انا اريد اتعلم

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

ateeed · 17 يوليو 2009

سعود الشامان قال:
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شكرا

كثير استفدت

واسف علي التاخير

هذا تقرير البرنامج

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 6.0.6002 Service Pack 2
7/17/2009 2:39:27 AM
mbam-log-2009-07-17 (02-39-18).txt
Scan type: Full Scan (C:\|D:\|H:\|)
Objects scanned: 291859
Time elapsed: 1 hour(s), 34 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\asa\AppData\Local\Temp\RarSFX2\FullSetup.exe (Trojan.Downloader) -> No action taken.
h:\Ateeed\AAA\1ateeed prog\winrar 3.80 final\RAR Slayer v1.1.exe (Malware.Tool) -> No action taken.
h:\Ateeed\AAA\adobe photosop cs3 extended me\Keygen2.exe (Trojan.Agent) -> No action taken.
h:\system volume information\_restore{93dc91ce-3667-420e-9d49-f8236882ed33}\RP1020\A0282228.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\cd171e49-359a-40e3-8bee-211d9c39c8db.tmp (Heuristics.Malware) -> No action taken.

AbOdy · 17 يوليو 2009

اعمل التالي
اشبك الفلاش في الجهاز
ثم

عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة

ateeed · 19 يوليو 2009

ComboFix 09-07-14.08 - asa 07/19/2009 1:18.1.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3069.1725 [GMT 4:00]
Running from: c:\users\asa\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\asa\FAVORI~1\Translator.URL
c:\users\asa\Favorites\Translator.URL
J:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
.
2009-07-18 21:16 . 2009-07-18 00:25 3137363 ----a-r- c:\users\asa\ComboFix.exe
2009-07-17 23:13 . 2009-07-17 23:13 -------- d-----w- c:\program files\7-Zip
2009-07-17 08:10 . 2009-07-17 10:59 -------- d-----w- C:\Fallout.3.Full-Rip.Skullptura
2009-07-17 05:59 . 2009-07-09 04:04 2301208 ----a-w- c:\programdata\avg8\update\backup\avguiadv.dll
2009-07-17 05:59 . 2009-07-09 04:04 3403032 ----a-w- c:\programdata\avg8\update\backup\avgui.exe
2009-07-17 05:59 . 2009-07-09 04:04 353048 ----a-w- c:\programdata\avg8\update\backup\avgxch32.dll
2009-07-17 01:19 . 2009-07-17 01:19 -------- d-----w- c:\users\asa\AppData\Roaming\Disney Interactive Studios
2009-07-17 00:47 . 2009-07-17 00:47 -------- d-----w- c:\program files\OpenAL
2009-07-17 00:45 . 2009-07-17 00:45 -------- d-----w- c:\windows\system32\xlive
2009-07-17 00:43 . 2009-07-17 00:43 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-16 23:49 . 2009-07-17 00:40 -------- d-----w- C:\Pure
2009-07-16 23:39 . 2009-07-17 00:47 -------- d-----w- C:\The Club
2009-07-16 16:04 . 2009-07-17 09:35 -------- d-----w- c:\users\asa\Watchmen[2009]DvDrip[Eng]-FXG
2009-07-16 16:02 . 2009-07-17 09:35 -------- d-----w- c:\users\asa\Terminator Salvation.DVDSCR.XViD-ANALSHiT
2009-07-16 16:02 . 2009-07-17 09:34 -------- d-----w- c:\users\asa\Stop-Loss.DVDRip.XviD-Larceny
2009-07-16 16:01 . 2009-07-17 09:34 -------- d-----w- c:\users\asa\Gran Torino 2008 DVDSCR XviD-KingBen
2009-07-16 16:00 . 2009-07-17 09:37 -------- d-----w- c:\users\asa\Duplicity[2009]DvDrip[Eng]-FXG
2009-07-16 15:58 . 2009-07-17 23:18 -------- d-----w- c:\users\asa\AAD.2009.R5.LiNE.READ.NFO.DVDRip.XviD-CaRRe
2009-07-15 23:45 . 2009-07-15 23:45 12862 ----a-r- c:\users\asa\AppData\Roaming\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe
2009-07-15 23:42 . 2009-07-16 23:04 -------- d-----w- c:\programdata\VistaCodecs
2009-07-15 23:19 . 2009-07-11 21:16 20461914 ----a-w- c:\users\asa\K-Lite Mega Codec Pack 5.0.0.exe
2009-07-15 22:32 . 2009-07-15 22:32 3775175 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-15 22:31 . 2009-07-15 22:31 -------- d-----w- c:\users\asa\AppData\Roaming\Malwarebytes
2009-07-15 22:31 . 2009-07-13 09:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-15 22:31 . 2009-07-13 09:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-15 22:31 . 2009-07-15 22:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-15 22:31 . 2009-07-15 22:31 -------- d-----w- c:\programdata\Malwarebytes
2009-07-15 08:18 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 08:18 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 08:18 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 08:18 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 08:18 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 22:02 . 2009-07-14 22:02 -------- d-----w- c:\programdata\Blueberry
2009-07-14 22:01 . 2009-06-14 04:19 -------- d-----w- c:\users\asa\BB.FlashBack.Pro.v2.6.2.1162.Incl.Keygen-DI
2009-07-14 21:46 . 2009-07-14 23:28 -------- d-----w- c:\users\asa\AppData\Roaming\Blueberry
2009-07-14 21:46 . 2009-07-14 21:46 4608 ----a-w- c:\windows\system32\bbchlp.dll
2009-07-14 21:46 . 2009-07-14 21:46 4096 ----a-w- c:\windows\system32\drivers\bbcap.sys
2009-07-14 21:46 . 2009-07-14 21:46 30720 ----a-w- c:\windows\system32\bbcap.dll
2009-07-14 21:44 . 2009-06-02 22:12 1224704 -c--a-w- c:\programdata\{6B71DDD0-B12C-4427-A1DE-A57327178878}\OFFLINE\F6DB5167\D8FFC998\FlashBack Batch Export.exe
2009-07-14 21:36 . 2009-07-14 21:36 -------- d-----w- c:\users\asa\AppData\Local\TechSmith
2009-07-14 21:36 . 2009-07-14 21:36 -------- d-----w- C:\SnagitPortable
2009-07-14 21:34 . 2009-07-14 21:34 435712 ----a-w- c:\users\asa\AppData\Roaming\Thinstall\Camtasia Studio 5\40000049600002i\CamRecorder.exe
2009-07-14 21:33 . 2009-07-14 21:33 435712 ----a-w- c:\users\asa\AppData\Roaming\Thinstall\Camtasia Studio 5\400000d00002i\TSCHelp.exe
2009-07-14 21:33 . 2009-07-14 21:33 435712 ----a-w- c:\users\asa\AppData\Roaming\Thinstall\Camtasia Studio 5\4000004eb00002i\CamtasiaStudio.exe
2009-07-14 11:25 . 1997-12-17 14:33 304128 ----a-w- c:\windows\IsUninst.exe
2009-07-14 11:22 . 2009-07-14 11:27 -------- d-----w- c:\program files\Final Fantasy VII
2009-07-13 22:12 . 2009-07-13 22:12 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-13 22:11 . 2009-07-13 22:11 8854 ----a-r- c:\users\asa\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\NewShortcut1_D98C963793DA44DBB73AB11A1192AB26.exe
2009-07-13 22:11 . 2009-07-13 22:11 45056 ----a-r- c:\users\asa\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe1_D9316813509243FDA4C292F72F483E61.exe
2009-07-13 22:11 . 2009-07-13 22:11 45056 ----a-r- c:\users\asa\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe_D9316813509243FDA4C292F72F483E61.exe
2009-07-13 22:11 . 2009-07-13 22:11 40960 ----a-r- c:\users\asa\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GSDR.exe_D9316813509243FDA4C292F72F483E61.exe
2009-07-13 22:11 . 2009-07-13 22:11 10134 ----a-r- c:\users\asa\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\ARPPRODUCTICON.exe
2009-07-13 22:11 . 2009-07-13 22:11 -------- d-----w- c:\program files\GameShadow
2009-07-13 22:10 . 2009-07-13 22:10 -------- d-----w- c:\windows\Downloaded Installations
2009-07-13 22:02 . 2009-07-13 22:02 -------- d-----w- c:\program files\Ubisoft
2009-07-12 23:09 . 2009-07-12 23:09 -------- d-----w- c:\program files\Trend Micro
2009-07-12 15:49 . 2009-07-12 15:49 -------- d-----w- c:\program files\TDK Mediactive
2009-07-12 15:47 . 2009-07-12 15:47 -------- d-----w- c:\program files\Sierra
2009-07-12 09:46 . 2009-07-12 09:46 1594554 ----a-w- c:\windows\WANEUninstaller.exe
2009-07-12 09:43 . 2009-07-12 09:43 -------- d-----w- C:\Games
2009-07-12 09:42 . 2009-07-12 09:42 -------- d-----w- c:\program files\DAMN NFO Viewer
2009-07-11 20:03 . 2009-07-11 21:32 -------- d-----w- C:\PES 2009
2009-07-11 01:15 . 2009-07-11 08:37 -------- d-----w- c:\program files\Sony Ericsson PC Suite
2009-07-11 01:15 . 2009-07-11 01:15 -------- d-----w- c:\programdata\Sony Ericsson
2009-07-10 08:32 . 2009-03-26 21:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2009-07-10 08:32 . 2009-07-10 08:32 -------- d-----w- c:\program files\CPUID
2009-07-09 14:28 . 2009-07-09 14:28 -------- d-----w- c:\program files\oZone3D
2009-07-08 01:24 . 2009-07-08 01:24 -------- d-----w- c:\users\asa\AppData\Local\bluesoleil
2009-07-08 01:20 . 2009-07-08 01:20 -------- d-----w- c:\program files\IVT Corporation
2009-07-08 01:18 . 2009-07-08 01:19 -------- d-----w- c:\users\asa\BlueSoleil_6.4.249
2009-07-01 21:28 . 2009-06-03 23:56 675152 ----a-w- c:\windows\system32\gpprefcl.dll
2009-07-01 09:47 . 2009-07-01 09:48 -------- d-----w- c:\users\asa\AppData\Roaming\PhotoFiltre Studio X
2009-07-01 09:46 . 2009-07-01 09:47 -------- d-----w- c:\program files\PhotoFiltre Studio X
2009-06-29 22:04 . 2009-06-29 22:04 8704 ----a-w- c:\users\asa\AppData\Roaming\Thinstall\Switch\4000008f00003i\mp3enc.exe
2009-06-29 22:04 . 2009-06-29 22:04 8704 ----a-w- c:\users\asa\AppData\Roaming\Thinstall\Switch\4000001e00002i\mp3el.exe
2009-06-29 22:04 . 2007-08-29 11:36 110592 ----a-w- c:\users\asa\AppData\Roaming\Thinstall\Switch\%ProgramFilesDir%\NCH Software\Components\mp3el\mp3enc.exe
2009-06-29 19:26 . 2009-07-11 01:06 -------- d-----w- c:\program files\Common Files\Real
2009-06-29 19:26 . 2009-06-29 19:26 -------- d-----w- c:\program files\Real
2009-06-29 17:17 . 2009-07-15 23:45 -------- d-----w- c:\program files\Pcsx2
2009-06-29 16:58 . 2009-06-29 16:58 198064 ----a-w- c:\users\asa\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2009-06-29 16:55 . 2009-07-12 00:40 -------- d-----w- c:\users\asa\BONUS
2009-06-29 13:11 . 2009-06-29 13:11 8704 ----a-w- c:\users\asa\AppData\Roaming\Thinstall\Switch\10000006e00002i\SearchIndexer.exe
2009-06-29 13:11 . 2009-06-29 13:11 8704 ----a-w- c:\users\asa\AppData\Roaming\Thinstall\Switch\4000009c00002i\iexplore.exe
2009-06-29 13:11 . 2009-06-29 13:11 8704 ----a-w- c:\users\asa\AppData\Roaming\Thinstall\Switch\1000000800002i\svchost.exe
2009-06-27 22:56 . 2009-06-27 22:56 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-06-27 22:56 . 2009-07-14 23:21 -------- d-----w- c:\program files\Winamp
2009-06-26 23:53 . 2009-06-27 00:11 -------- d-----w- c:\programdata\NexonEU
2009-06-26 23:53 . 2009-06-26 23:53 98304 ----a-w- c:\programdata\NexonEU\NGM\nxgameeu.dll
2009-06-26 23:53 . 2009-06-26 23:53 81920 ----a-w- c:\programdata\NexonEU\NGM\npNxGameeu.dll
2009-06-26 23:53 . 2009-06-26 23:53 532480 ----a-w- c:\programdata\NexonEU\NGM\NGMDll.dll
2009-06-26 23:53 . 2009-06-26 23:53 331776 ----a-w- c:\programdata\NexonEU\NGM\NGMResource.dll
2009-06-26 23:53 . 2009-06-26 23:53 258352 ----a-w- c:\programdata\NexonEU\NGM\unicows.dll
2009-06-26 23:53 . 2009-06-26 23:53 155648 ----a-w- c:\programdata\NexonEU\NGM\NGM.exe
2009-06-26 23:53 . 2009-06-26 23:53 -------- d-----w- C:\Nexon
2009-06-24 21:08 . 2009-06-24 21:08 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-24 21:08 . 2009-06-24 21:08 22328 ----a-w- c:\users\asa\AppData\Roaming\PnkBstrK.sys
2009-06-24 21:08 . 2009-06-24 21:08 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-24 21:08 . 2009-06-24 21:08 669184 ----a-w- c:\windows\system32\pbsvc.exe
2009-06-24 21:08 . 2009-06-24 21:08 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-24 21:08 . 2007-07-19 14:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2009-06-24 21:08 . 2007-07-19 14:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2009-06-24 21:08 . 2007-07-19 14:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2009-06-24 21:08 . 2007-05-16 12:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2009-06-24 21:08 . 2007-05-16 12:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2009-06-24 21:08 . 2007-05-16 12:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2009-06-24 21:08 . 2007-04-04 14:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-06-24 21:07 . 2009-06-24 21:07 -------- d-----w- c:\programdata\Media Center Programs
2009-06-24 21:00 . 2009-06-24 21:00 -------- d-----w- c:\program files\Electronic Arts
2009-06-24 10:30 . 2009-06-24 10:30 -------- d-----w- C:\tmp
2009-06-24 10:30 . 2009-07-12 00:39 -------- d-----w- C:\tmpDownload
2009-06-22 20:00 . 2008-09-26 14:04 621056 ----a-r- c:\windows\system32\drivers\mod7700.sys
2009-06-22 20:00 . 2008-09-26 14:04 113152 ----a-r- c:\windows\system32\drivers\ewusbnet.sys
2009-06-22 20:00 . 2008-09-26 14:04 101760 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
2009-06-22 20:00 . 2008-09-26 14:03 23424 ----a-r- c:\windows\system32\drivers\ewdcsc.sys
2009-06-22 19:55 . 2009-06-22 19:57 -------- d-----w- c:\program files\Mobile Partner
2009-06-21 22:52 . 2009-06-21 22:52 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-06-21 22:32 . 2009-06-21 22:43 74672991 ----a-w- c:\users\asa\office 2003 portable.exe
2009-06-20 23:00 . 2003-06-18 13:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-06-19 21:17 . 2009-06-19 21:17 -------- d-----w- c:\program files\Microsoft.NET
2009-06-19 21:17 . 2009-06-19 21:17 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-06-19 21:07 . 2009-06-19 21:07 -------- d-----w- c:\program files\Microsoft Analysis Services
2009-06-19 21:05 . 2009-06-19 21:05 -------- d-----w- c:\programdata\BVRP Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 21:22 . 2009-06-03 21:45 -------- d-----w- c:\users\asa\AppData\Roaming\DMCache
2009-07-18 21:13 . 2009-06-01 19:05 31681 ----a-w- c:\programdata\nvModes.dat
2009-07-17 00:47 . 2009-06-09 10:22 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-17 00:47 . 2009-06-09 10:22 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-16 23:05 . 2009-06-12 20:43 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-15 23:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-14 21:46 . 2009-07-14 21:45 -------- d-----w- c:\users\asa\AppData\Roaming\LogSys
2009-07-14 21:45 . 2009-07-14 21:45 -------- d-----w- c:\programdata\LogSys
2009-07-14 21:45 . 2009-07-14 21:45 -------- dc-h--w- c:\programdata\{6B71DDD0-B12C-4427-A1DE-A57327178878}
2009-07-14 21:45 . 2009-07-14 21:45 -------- d-----w- c:\program files\Common Files\Blueberry Software
2009-07-14 21:45 . 2009-07-14 21:45 -------- d-----w- c:\program files\Blueberry Software
2009-07-14 21:33 . 2009-06-05 21:02 -------- d-----w- c:\users\asa\AppData\Roaming\Thinstall
2009-07-13 23:11 . 2009-06-08 10:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-13 15:24 . 2006-11-02 12:35 -------- d-----w- c:\program files\Microsoft Games
2009-07-12 14:49 . 2009-06-07 21:38 -------- d-----w- c:\program files\Common Files\Logitech
2009-07-12 14:49 . 2009-06-07 21:38 -------- d-----w- c:\program files\Logitech
2009-07-11 13:19 . 2009-06-03 21:45 -------- d-----w- c:\users\asa\AppData\Roaming\IDM
2009-07-11 00:57 . 2009-07-11 00:57 148736 ----a-w- c:\programdata\hpe37E1.dll
2009-07-11 00:57 . 2009-07-11 00:57 148736 ----a-w- c:\programdata\hpe37E1.dll
2009-07-11 00:57 . 2009-07-11 00:57 -------- d-----w- c:\program files\Sony Ericsson
2009-07-09 04:04 . 2009-06-03 10:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-09 04:04 . 2009-06-03 10:28 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-09 04:04 . 2009-06-03 10:28 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-29 19:56 . 2009-06-03 21:45 -------- d-----w- c:\program files\Internet Download Manager
2009-06-29 13:48 . 2009-06-01 17:42 -------- d-----w- c:\program files\The KMPlayer
2009-06-23 22:01 . 2009-06-17 00:17 -------- d-----w- c:\users\asa\AppData\Roaming\Nokia
2009-06-23 20:42 . 2009-06-17 00:17 -------- d-----w- c:\users\asa\AppData\Roaming\PC Suite
2009-06-22 20:00 . 2009-06-01 16:34 -------- d-----w- c:\program files\Broadband Internet
2009-06-22 19:57 . 2009-06-01 16:15 115968 ----a-w- c:\users\asa\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-22 00:49 . 2009-06-06 21:39 -------- d-----w- c:\programdata\Microsoft Help
2009-06-20 08:30 . 2009-06-04 09:18 -------- d-----w- c:\program files\Silkroad
2009-06-19 21:18 . 2006-11-02 12:35 -------- d-----w- c:\program files\MSBuild
2009-06-19 21:17 . 2009-06-06 21:40 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-06-17 21:16 . 2009-06-17 21:16 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-17 21:16 . 2009-06-03 21:15 -------- d-----w- c:\program files\Microsoft
2009-06-17 00:51 . 2009-06-17 00:52 24433136 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_ar.exe
2009-06-17 00:28 . 2009-06-17 00:28 -------- d-----w- c:\programdata\Nokia
2009-06-17 00:28 . 2009-06-17 00:16 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-17 00:28 . 2009-06-17 00:14 -------- d-----w- c:\program files\Nokia
2009-06-17 00:28 . 2009-06-17 00:28 3351812 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
2009-06-17 00:28 . 2009-06-17 00:28 36864 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
2009-06-17 00:28 . 2009-06-17 00:28 3181612 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
2009-06-17 00:28 . 2009-06-17 00:13 -------- d-----w- c:\programdata\Installations
2009-06-17 00:27 . 2009-06-17 00:28 24376008 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_en.exe
2009-06-17 00:18 . 2009-06-17 00:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-06-17 00:18 . 2009-06-17 00:17 -------- d-----w- c:\programdata\PC Suite
2009-06-17 00:18 . 2009-06-17 00:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-17 00:17 . 2009-06-17 00:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-06-17 00:17 . 2009-06-17 00:17 -------- d-----w- c:\program files\Common Files\PCSuite
2009-06-17 00:16 . 2009-06-17 00:16 -------- d-----w- c:\program files\DIFX
2009-06-17 00:16 . 2009-06-17 00:16 -------- d-----w- c:\program files\PC Connectivity Solution
2009-06-17 00:13 . 2009-06-17 00:13 8192 ----a-w- c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-17 00:13 . 2009-06-17 00:13 61440 ----a-w- c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-17 00:13 . 2009-06-17 00:13 10240 ----a-w- c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-06-14 09:07 . 2009-06-14 09:07 -------- d-----w- c:\program files\MSXML 4.0
2009-06-13 10:36 . 2009-06-09 10:17 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-11 10:28 . 2009-06-11 10:28 -------- d-----w- c:\users\asa\AppData\Roaming\Media Player Classic
2009-06-09 10:31 . 2009-06-17 00:14 34396584 ----a-w- c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_eng_web.exe
2009-06-09 10:18 . 2009-06-09 10:18 -------- d-----w- c:\program files\Futuremark
2009-06-07 23:42 . 2009-06-01 19:05 -------- d-----w- c:\programdata\NVIDIA
2009-06-06 21:48 . 2009-06-06 21:48 -------- d-----w- c:\program files\Microsoft Math Add-in for Word 2007
2009-06-06 05:58 . 2009-06-02 22:17 -------- d-----w- c:\program files\World of Warcraft
2009-06-05 21:40 . 2009-06-05 21:40 -------- d-----w- c:\programdata\Blizzard
2009-06-05 21:02 . 2009-06-05 21:02 91136 ----a-w- c:\users\asa\AppData\Roaming\Thinstall\Windows Live Essentials\10000001400002h\msiexec.exe
2009-06-05 21:02 . 2009-06-05 21:02 91136 ----a-w- c:\users\asa\AppData\Roaming\Thinstall\Windows Live Essentials\4000003b800002h\msnmsgr.exe
2009-06-03 21:45 . 2009-06-03 21:45 198064 ----a-w- c:\users\asa\AppData\Roaming\IDM\idmmzcc02\components\idmmzcc.dll
2009-06-03 21:33 . 2009-06-03 21:33 0 ----a-w- c:\windows\nsreg.dat
2009-06-03 21:15 . 2009-06-03 21:15 -------- d-----w- c:\program files\Windows Live
2009-06-03 21:15 . 2009-06-03 21:15 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-03 21:09 . 2009-06-03 21:09 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-03 10:28 . 2009-06-03 10:28 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-06-03 10:28 . 2009-06-03 10:28 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-03 10:27 . 2009-06-03 10:27 -------- d-----w- c:\programdata\avg8
2009-06-03 10:27 . 2009-06-03 10:27 -------- d-----w- c:\program files\AVG
2009-06-03 10:24 . 2009-06-03 10:24 -------- d-----w- c:\program files\PowerISO
2009-06-03 10:02 . 2009-06-03 10:02 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-06-02 22:34 . 2009-06-02 22:17 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-06-02 22:13 . 2009-07-14 21:45 2701500 -c--a-w- c:\programdata\{6B71DDD0-B12C-4427-A1DE-A57327178878}\BB FlashBack.exe
2009-06-02 22:12 . 2009-07-14 21:44 3553280 -c--a-w- c:\programdata\{6B71DDD0-B12C-4427-A1DE-A57327178878}\OFFLINE\45D559EB\D8FFC998\FlashBack Recorder.exe
2009-06-02 22:10 . 2009-07-14 21:44 6850560 -c--a-w- c:\programdata\{6B71DDD0-B12C-4427-A1DE-A57327178878}\OFFLINE\A2ADF0CB\D8FFC998\FlashBack Player.exe
2009-06-02 22:04 . 2009-07-14 21:44 84992 -c--a-w- c:\programdata\{6B71DDD0-B12C-4427-A1DE-A57327178878}\OFFLINE\B708923F\3F343B0A\FlashBackInstall.dll
2009-06-02 22:01 . 2009-07-14 21:45 200704 -c--a-w- c:\programdata\{6B71DDD0-B12C-4427-A1DE-A57327178878}\OFFLINE\7AE3FABF\AD52EFF7\PublishConfigurator.dll
2009-06-02 22:01 . 2009-07-14 21:45 106496 -c--a-w- c:\programdata\{6B71DDD0-B12C-4427-A1DE-A57327178878}\OFFLINE\EE0DA67B\AD52EFF7\YouTubePublisher.dll
2009-06-02 22:01 . 2009-07-14 21:45 106496 -c--a-w- c:\programdata\{6B71DDD0-B12C-4427-A1DE-A57327178878}\OFFLINE\CC622F81\AD52EFF7\RevverPublisher.dll
2009-06-02 22:01 . 2009-07-14 21:45 102400 -c--a-w- c:\programdata\{6B71DDD0-B12C-4427-A1DE-A57327178878}\OFFLINE\83CFD3BC\AD52EFF7\ViddlerPublisher.dll
2009-06-02 22:01 . 2009-07-14 21:44 98304 -c--a-w- c:\programdata\{6B71DDD0-B12C-4427-A1DE-A57327178878}\OFFLINE\7B709A09\AD52EFF7\FtpPublisher.dll
2009-06-02 22:01 . 2009-07-14 21:44 90112 -c--a-w- c:\programdata\{6B71DDD0-B12C-4427-A1DE-A57327178878}\OFFLINE\80FD0D87\AD52EFF7\FileCopyPublisher.dll
2009-06-02 22:01 . 2009-07-14 21:44 147456 -c--a-w- c:\programdata\{6B71DDD0-B12C-4427-A1DE-A57327178878}\OFFLINE\2192626E\AD52EFF7\DefConfig.exe
2009-06-02 22:01 . 2009-07-14 21:44 102400 -c--a-w- c:\programdata\{6B71DDD0-B12C-4427-A1DE-A57327178878}\OFFLINE\E3C06657\AD52EFF7\Blip.tv.Publisher.dll
2009-06-02 22:01 . 2009-07-14 21:44 102400 -c--a-w- c:\programdata\{6B71DDD0-B12C-4427-A1DE-A57327178878}\OFFLINE\2BCAD258\AD52EFF7\CoggnoPublisher.dll
2009-06-02 16:11 . 2009-07-16 23:04 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-06-02 10:37 . 2009-06-01 19:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-01 23:04 . 2009-06-01 23:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-06-01 22:08 . 2009-06-01 18:07 -------- d-----w- c:\users\asa\AppData\Roaming\Uniblue
2009-06-01 22:08 . 2009-06-01 18:07 -------- d-----w- c:\program files\Uniblue
2009-06-01 19:02 . 2009-06-01 19:02 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-01 18:19 . 2009-06-01 18:19 -------- d-----w- c:\program files\Lavalys
2009-06-01 18:13 . 2009-06-01 16:15 680 ----a-w- c:\users\asa\AppData\Local\d3d9caps.dat
2009-06-01 17:45 . 2009-06-01 17:45 -------- d-----w- c:\program files\BitLocker
2009-05-29 21:37 . 2009-07-16 23:04 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-04-24 04:38 . 2009-06-03 21:33 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-04-08 12:05 739688 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-19 2811312]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\SYNCPROC.EXE" [2009-04-08 617336]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2004-04-23 77824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-09 1948440]
"Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-04-26 774168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13781536]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-04-30 92704]
"GrooveMonitor"="c:\progra~1\MICROS~3\Office14\GROOVEMN.EXE" [2009-04-25 875392]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-02-27 278016]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001
"VistaSp2"=hex(b):18,aa,f7,f7,a9,ba,c9,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{01CCD160-37E8-46E4-A1D9-7445A7BF2355}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{97023967-D825-4225-B793-8A84663921AE}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe
"{1B60BCD0-0C3F-4BE6-A0D2-EBD0DCF98BBF}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
"{54C9AF81-79A9-4FFE-9EDD-4A7DDBF2596B}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{04C43213-D937-43C4-ACB2-9D03A75FFC3A}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{15939D4A-C97E-476B-9625-4CB80C3F9FD3}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{68263842-9A52-4BC4-A8A4-4D1F08F43D9E}c:\\users\\asa\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\8s70glls\\sro_l4_full_client_downloader[1].exe"= UDP:c:\users\asa\appdata\local\microsoft\windows\temporary internet files\content.ie5\8s70glls\sro_l4_full_client_downloader[1].exe:sro_l4_full_client_downloader[1].exe
"UDP Query User{6A3286AC-006D-44F9-9563-3D682A88DD8A}c:\\users\\asa\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\8s70glls\\sro_l4_full_client_downloader[1].exe"= TCP:c:\users\asa\appdata\local\microsoft\windows\temporary internet files\content.ie5\8s70glls\sro_l4_full_client_downloader[1].exe:sro_l4_full_client_downloader[1].exe
"TCP Query User{C7CC8D5B-204D-48CE-938C-EEA53AA848AC}c:\\users\\asa\\documents\\downloads\\music\\world of warcraft\\launcher.exe"= UDP:c:\users\asa\documents\downloads\music\world of warcraft\launcher.exe:launcher.exe
"UDP Query User{CB90D0A1-AC9C-49C2-9087-56A1388FD7C5}c:\\users\\asa\\documents\\downloads\\music\\world of warcraft\\launcher.exe"= TCP:c:\users\asa\documents\downloads\music\world of warcraft\launcher.exe:launcher.exe
"{C71476DA-832E-48AD-B9E0-278579048C68}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{EE42EA8D-9739-4A46-8C5A-CD4C396760AF}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2A4FBB8F-48B4-4ADD-9F7C-4346EDDF5149}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{897BF63B-8C17-41E9-954E-51994B1251E0}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{88D83C17-C93C-4AC5-8CAD-1C03F168E6B1}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{E7845BBB-2CA1-4C60-BB14-E387ECBCB982}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{7FE3E8B1-4512-4610-9493-D9CC93D27BB3}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{B0ACA309-1742-4641-9B9C-D578E24A979D}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"{1FBCB576-8149-4541-AEC0-0C7AD091D29F}"= UDP:c:\program files\Microsoft Office\Office14\GROOVE.EXE:Microsoft SharePoint Workspace
"{E9566EA5-CE70-47B5-B0FE-5ABE1A12E896}"= TCP:c:\program files\Microsoft Office\Office14\GROOVE.EXE:Microsoft SharePoint Workspace
"{C208D967-C882-4642-AB74-25051059DDF4}"= UDP:c:\program files\Microsoft Office\Office14\ONENOTE.EXE:Microsoft Office OneNote
"{1F092A0A-92B6-4976-B2DE-5DDE414B0549}"= TCP:c:\program files\Microsoft Office\Office14\ONENOTE.EXE:Microsoft Office OneNote
"{F6B150F8-A015-4CB8-A27B-ECF85C265E83}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{057144A7-C1EF-4BCB-B1B6-780A596C4742}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{9F446AB3-17A4-4BDC-9578-AA838A733C56}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{96040969-12EE-4A1D-99C9-F3658B057B05}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{FA06E120-6E21-4F39-AA74-30F299220EAB}"= UDP:c:\windows\System32\PnkBstrA.exe

nkBstrA
"{92AEC274-3AEA-4821-936B-EC3DA2C1F6E4}"= TCP:c:\windows\System32\PnkBstrA.exe

nkBstrA
"{4288140A-D535-4BDF-8D2F-3FF8D1B1D919}"= UDP:c:\windows\System32\PnkBstrB.exe

nkBstrB
"{65D744DE-5B9A-478D-B755-78B02BCE8520}"= TCP:c:\windows\System32\PnkBstrB.exe

nkBstrB
"{26284319-CD7D-46AB-B2F9-76276F90231B}"= UDP:c:\programdata\NexonEU\NGM\NGM.exe:Nexon Game Manager
"{F97D067D-A86C-447B-BAB4-A40805FDDF2E}"= TCP:c:\programdata\NexonEU\NGM\NGM.exe:Nexon Game Manager
"{1A97A27C-089B-4A96-94E6-4EB571990C37}"= UDP:c:\nexon\Combat Arms EU\NMService.exe:Nexon Messenger Core
"{80F13CD9-949E-4132-9129-882A087BE10A}"= TCP:c:\nexon\Combat Arms EU\NMService.exe:Nexon Messenger Core
"{E4DCDD6F-F969-465F-87C2-D0F8C9A9E21E}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{11BB3A7F-129C-49EB-A052-19B0F4C59061}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{D356C238-BDC2-45ED-A6DF-1EA161592EA0}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{83947ABB-2F5D-46D5-AD36-353A3B989F0C}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{E66C6229-C0E9-4B40-9095-7E374F2AAC1C}"= UDP:c:\pes 2009\pes2009.exe

ro Evolution Soccer 2009
"{68372E7C-3C03-408B-B33B-863E5858BE53}"= TCP:c:\pes 2009\pes2009.exe

ro Evolution Soccer 2009
"{12D95EA3-0E46-40BA-AF7E-7084F1238D0F}"= UDP:c:\pes 2009\pes2009.exe

ro Evolution Soccer 2009
"{2CED0B2E-0D7B-446F-AE29-51C439227A96}"= TCP:c:\pes 2009\pes2009.exe

ro Evolution Soccer 2009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-03-26 12672]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2009-04-25 33480048]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-06-03 12552]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-07-09 335752]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-06-03 108552]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-07-09 907032]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-07-09 298776]
S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-02-27 143467]
S2 osppsvc;Office Software Protection Platform;c:\windows\system32\OSPPSVC.EXE [2009-04-08 4319136]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-12-10 223232]
S3 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [2009-07-14 4096]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
S3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2007-10-10 235648]
S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
S3 physX32;physX32;c:\windows\system32\DRIVERS\physX32.sys [2007-06-26 117888]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: {{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
FF - ProfilePath - c:\users\asa\AppData\Roaming\Mozilla\Firefox\Profiles\1klnfct1.default\
FF - prefs.js: browser.startup.homepage -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-07-19 01:22
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-18 1:24
ComboFix-quarantined-files.txt 2009-07-18 21:24
Pre-Run: 35,507,093,504 bytes free
Post-Run: 37,491,912,704 bytes free
416 --- E O F --- 2009-07-15 23:02

ateeed · 23 يوليو 2009

شو طلعت نتيجة التقرير

فيروس غريب ينزل اغاني في الفلاش ميموري وغير قادر علي التخلص منه

ateeed

زيزوومي جديد

MAAX

عضوشرف

ateeed

زيزوومي جديد

ateeed

زيزوومي جديد

MAAX

عضوشرف

ateeed

زيزوومي جديد

سعود الشامان

زيزوومى محترف

توقيع : سعود الشامان

ateeed

زيزوومي جديد

AbOdy

عضو شرف

توقيع : AbOdy

ateeed

زيزوومي جديد

ateeed

زيزوومي جديد

NTLite Business 2025.8.10552 X64