• Thread starter: lepapillon

lepapillon

Brothers and sisters... peace be upon you... My computer has been infected with the virus w32@xorer.eul3. As usual, and ever since I registered as a member of our dear forum, my first reaction was to turn to the forum. Based on my previous experience, I searched the forum for earlier posts, hoping to find a problem similar to mine together with its solution, which would save my fellow Zyzoom members time and effort and spare them the trouble of replying to a topic that has already been answered. But the surprise was that all the previous replies, as far as I could tell, were not able to remove the virus. Personally, I hope I am wrong, because the forum has not let me down even once up to this moment, and I always boast about it to others. So I ask my brothers, the giants of protection, to help me, because I have tried all the solutions the members proposed in their replies to the earlier topics, and the virus was not removed. Sorry for the length, and thank you in advance.
 

And peace be upon you, and God's mercy and blessings.

Allow me to move the thread to its most appropriate section and edit the title so that it reflects its content.

-------------

As for your problem,

Enter Safe Mode and do the following:


(1)

Disable all protection programs,
then download this tool and save it to the desktop

Run it and follow the walkthrough:


This black screen will appear; all you have to do is wait:



The next message tells you that the computer will be restarted automatically:



After the restart, as logon begins, this window will appear; all you have to do is wait



The report has now been produced; copy it and paste it in your next reply



(2)
Download the Hijack tool


After you run the program, do the following:


This window will appear; follow the walkthrough:



Then this window will appear:



Copy the full report and attach it in your next reply so it can be analyzed
 
Signature: Al jNtEeL
Reports

Combo report

ComboFix 08-09-20.05 - HAPPY TIMES 10/09/2008 22:25:44.6 - FAT32x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.814 [GMT 3:00]
Running from: C:\Documents and Settings\HAPPY TIMES\Desktop\repair\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2008-09-09 to 2008-10-09 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( snapshot@Wed 10-08-2008_ 1.54.03.81 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [05/23/2004 12:00 PM 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM 5724184]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run_CF]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [05/23/2004 12:00 PM 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [01/19/2007 11:49 AM 49152]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/16/2004 05:27 AM 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/16/2004 05:23 AM 118784]
"D-Link AirPlus XtremeG DWL-G520"="C:\Program Files\D-Link\AirPlus XtremeG DWL-G520\AirPlusCFG.exe" [06/21/2007 02:43 PM 1327104]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [09/25/2008 05:51 PM 181488]
"FG_Monitor"="C:\Program Files\Folder Guard Pro\FGKey.exe" [01/25/2007 12:00 AM 132680]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/10/2005 03:06 AM 7311360]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/09/2008 04:25 PM 185896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run_CF]
"D-Link AirPlus XtremeG DWL-G520"="C:\Program Files\D-Link\AirPlus XtremeG DWL-G520\AirPlusCFG.exe" [06/21/2007 02:43 PM 1327104]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [01/19/2007 11:49 AM 49152]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/16/2004 05:27 AM 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/16/2004 05:23 AM 118784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/10/2005 03:06 AM 7311360]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/09/2008 04:25 PM 185896]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [07/29/2008 08:20 PM 206088]
"nwiz"="nwiz.exe" [12/10/2005 03:06 AM 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [05/23/2004 12:00 PM 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe "
"Userinit"="userinit.exe "

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.fraunhoferacm"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 10/27/2006 12:47 AM 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 07/09/2001 11:50 AM 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 12/10/2005 03:06 AM 7311360 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 12/10/2005 03:06 AM 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 12/10/2005 03:06 AM 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\WINDOWS\\System32\\dpvsetup.exe"=
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:HTTP

S0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM 32784]
S2 FGUARD32;FGUARD32;C:\Program Files\Folder Guard Pro\FGUARD32.SYS [01/25/2007 12:00 AM 48768]
S2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [05/23/2004 12:00 PM 14336]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [10/16/2006 12:58 AM 472832]
S3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);C:\WINDOWS\system32\DRIVERS\webc3vid.sys [01/11/2001 09:02 AM 164827]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM 26640]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [ ]
S3 PPCtlPriv;PPCtlPriv;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [09/25/2008 05:51 PM 185584]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [08/31/2008 11:34 AM 306432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
s of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SystemInit - (no file)
HKLM-Run-Karen - (no file)
HKLM-Run-raVe - (no file)
HKLM-Run-Win32BaseServiceMOD - (no file)
HKLM-Run-startIE - (no file)
HKLM-RunServices-raVe - (no file)
HKLM-RunServices-Driver32 - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\HAPPY TIMES\Application Data\Mozilla\Firefox\Profiles\9wz5y0wm.default\
FF -: plugin - C:\Program Files\Opera\program\plugins\np-mswmp.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\np-mswmp.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\NP32DSW.DLL
FF -: plugin - C:\Program Files\Opera\program\plugins\npdevalvr.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npdevalvr.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npdivx32.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npdivx32.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npindeo.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npindeo.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\nprhapengine.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\nprhapengine.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\nprjplug.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.
.
------- File Associations -------
.
txtfile=NOTEPAD %1
vbefile\shell\edit\command=C:\WINDOWS\Notepad.exe %1
vbsfile\shell\edit\command=C:\WINDOWS\Notepad.exe %1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-10-09 22:26:11
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 10/09/2008 22:27:14
ComboFix-quarantined-files.txt 2008-10-09 19:27:12
ComboFix3.txt 2008-09-22 15:01:06
ComboFix2.txt 2008-10-07 22:54:40

Pre-Run: 8,285,372,416 bytes free
Post-Run: 8,326,823,936 bytes free

490 ---
E O F --- 2008-10-08 08:22:48


HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:48 م, on 09/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\AirPlus XtremeG DWL-G520\AirPlusCFG.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Folder Guard Pro\FGKey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HAPPY TIMES\Desktop\Zyzoom_HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG DWL-G520] C:\Program Files\D-Link\AirPlus XtremeG DWL-G520\AirPlusCFG.exe
O4 - HKLM\..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
O4 - HKLM\..\Run: [FG_Monitor] C:\Program Files\Folder Guard Pro\FGKey.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\HAPPY TIMES\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\HAPPY TIMES\Application Data\CyberScrub\Privacy Suite"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F18D86E-93E6-48C8-A32A-E7C09393E2D3}: NameServer = 192.168.50.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7147 bytes
 
Brother, your machine is clean; there is nothing wrong with it.

All your reports are clean. The problem may be in a website, a CD you have, or a flash drive you use.

And see the reply from الجنتل ((as far as I know, everything is clean))
 
In addition to what my brothers said.... :king:

Download the Kaspersky tool from the following link.

Choose the last file, as shown in the following image.

[screenshot]

After downloading, double-click it; the tool's file will be extracted to a folder on the desktop, and after a few moments the tool will start running.

Follow the walkthrough to scan and clean the machine and attach the report.

[screenshots]

Then compress the report and upload it here >>>>
 
Signature: ابـــو عــبــد الــلــه
Brother, the report is clean. What exactly are you complaining about with your machine?????
 
Signature: السّاجد لله
"Brother, the report is clean. What exactly are you complaining about with your machine?????"

I think, dear brother, that he means the machine is infected.

"My machine was infected by the virus w32@xorer.eul3.."
 
Signature: Dr_Osama