
Introducing malware that uses the fake names of security and utility software



Borna66
06-28-2009, 10:05 PM
In this thread I intend to introduce the malware that gets onto your system, whether you wanted it or not, so that you can recognize these fake programs, whose number is growing day by day.
Unfortunately, this kind of malware has become very widespread on Iranian users' systems, and they install it on their systems out of unfamiliarity.
Removing this kind of malware and cleaning the system is easily done with powerful security software and anti-malware tools.
In this thread, only these programs + the hard disk and Windows registry paths
where they have placed themselves

Borna66
06-28-2009, 10:06 PM
MS Antispyware 2009


Code:

c:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd
c:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009
c:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe
c:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\BASE
c:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED
c:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG
c:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20081214155256795.log
c:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED
%UserProfile%\Start Menu\Programs\MS AntiSpyware 2009
%UserProfile%\Start Menu\Programs\MS AntiSpyware 2009\MS AntiSpyware 2009.lnk
HKEY_CURRENT_USER\Software\CrucialSoft Ltd
HKEY_CURRENT_USER\Software\CrucialSoft Ltd\MS AntiSpyware 2009
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\uninstall\MS AntiSpyware 2009 5.7
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MS AntiSpyware 2009"

Borna66
06-28-2009, 10:07 PM
Antivirus 360


Quote:
c:\Program Files\A360
c:\Program Files\A360\av360.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 360.lnk
%UserProfile%\Desktop\Antivirus 360.lnk
%UserProfile%\Start Menu\Antivirus 360
%UserProfile%\Start Menu\Antivirus 360\Antivirus 360.lnk
%UserProfile%\Start Menu\Antivirus 360\Help.lnk
%UserProfile%\Start Menu\Antivirus 360\Registration.lnk
Quote:
HKEY_CURRENT_USER\Software\13376694984709702142491016734454
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "13376694984709702142491016734454

Borna66
06-28-2009, 10:07 PM
SystemBooster2009


Code:
c:\My Downloads
c:\Program Files\SystemBooster2009 (Free Edition)
c:\Program Files\SystemBooster2009 (Free Edition)\install_stat2.tmp
c:\Program Files\SystemBooster2009 (Free Edition)\License Aggr.rtf
c:\Program Files\SystemBooster2009 (Free Edition)\Read Me.rtf
c:\Program Files\SystemBooster2009 (Free Edition)\sbr_cfg.ini
c:\Program Files\SystemBooster2009 (Free Edition)\sbr_inst.imd
c:\Program Files\SystemBooster2009 (Free Edition)\sbr_pcid.exe
c:\Program Files\SystemBooster2009 (Free Edition)\sbr_updater.exe
c:\Program Files\SystemBooster2009 (Free Edition)\sbrckrdr.exe
c:\Program Files\SystemBooster2009 (Free Edition)\startup_db.db
c:\Program Files\SystemBooster2009 (Free Edition)\SystemBooster2009 Home Page.url
c:\Program Files\SystemBooster2009 (Free Edition)\SystemBooster2009.chm
c:\Program Files\SystemBooster2009 (Free Edition)\SystemBooster2009.config
c:\Program Files\SystemBooster2009 (Free Edition)\SystemBooster2009.exe
c:\Program Files\SystemBooster2009 (Free Edition)\SystemBooster2009_Chk.exe
c:\Program Files\SystemBooster2009 (Free Edition)\Uninstall SystemBooster2009.exe
c:\Program Files\SystemBooster2009 (Free Edition)\comstart
c:\Program Files\SystemBooster2009 (Free Edition)\EdTweaks
c:\Program Files\SystemBooster2009 (Free Edition)\EdTweaks\001_eddat.reg
c:\Program Files\SystemBooster2009 (Free Edition)\EdTweaks\003_eddat.reg
c:\Program Files\SystemBooster2009 (Free Edition)\EdTweaks\006_eddat.reg
c:\Program Files\SystemBooster2009 (Free Edition)\EdTweaks\007_eddat.reg
c:\Program Files\SystemBooster2009 (Free Edition)\EdTweaks\009_eddat.reg
c:\Program Files\SystemBooster2009 (Free Edition)\EdTweaks\011_eddat.reg
c:\Program Files\SystemBooster2009 (Free Edition)\EdTweaks\013_eddat.reg
c:\Program Files\SystemBooster2009 (Free Edition)\EdTweaks\016_eddat.reg
c:\Program Files\SystemBooster2009 (Free Edition)\EdTweaks\017_eddat.reg
c:\Program Files\SystemBooster2009 (Free Edition)\EdTweaks\020_eddat.reg
c:\Program Files\SystemBooster2009 (Free Edition)\EdTweaks\023_eddat.reg
c:\Program Files\SystemBooster2009 (Free Edition)\EdTweaks\027_eddat.reg
c:\Program Files\SystemBooster2009 (Free Edition)\EdTweaks\030_eddat.reg
c:\Program Files\SystemBooster2009 (Free Edition)\EdTweaks\031_eddat.reg
c:\Program Files\SystemBooster2009 (Free Edition)\EdTweaks\033_eddat.reg
c:\Program Files\SystemBooster2009 (Free Edition)\EdTweaks\040_eddat.reg
c:\Program Files\SystemBooster2009 (Free Edition)\EdTweaks\042_eddat.reg
c:\Program Files\SystemBooster2009 (Free Edition)\genstart
c:\Program Files\SystemBooster2009 (Free Edition)\Undo_Data
%UserProfile%\Desktop\QuickInstallPack.lnk
%UserProfile%\Local Settings\Application Data\qip
%UserProfile%\Local Settings\Application Data\qip\data.ini
%UserProfile%\Local Settings\Application Data\qip\iercpt.dll
%UserProfile%\Local Settings\Application Data\qip\QuickInstallPack.exe
%UserProfile%\Local Settings\Application Data\qip\systembooster2009_Setup_free_en.exe.ini
%UserProfile%\Local Settings\Application Data\USBR_QIP
%UserProfile%\Local Settings\Application Data\USBR_QIP\data.ini
%UserProfile%\Start Menu\Programs\QuickInstallPack
%UserProfile%\Start Menu\Programs\QuickInstallPack\QuickInstallPack on the Web.url
%UserProfile%\Start Menu\Programs\QuickInstallPack\QuickInstallPack.lnk
%UserProfile%\Start Menu\Programs\QuickInstallPack\Uninstall QuickInstallPack.lnk
c:\Documents and Settings\All Users\Desktop\SystemBooster2009 (Free Edition).lnk
c:\Documents and Settings\All Users\Start Menu\Programs\SystemBooster2009 (Free Edition)
c:\Documents and Settings\All Users\Start Menu\Programs\SystemBooster2009 (Free Edition)\SystemBooster2009 Home Page.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\SystemBooster2009 (Free Edition)\SystemBooster2009.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\SystemBooster2009 (Free Edition)\Uninstall SystemBooster2009.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\SystemBooster2009 (Free Edition)\Documentation
c:\Documents and Settings\All Users\Start Menu\Programs\SystemBooster2009 (Free Edition)\Documentation\Documentation.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\SystemBooster2009 (Free Edition)\Documentation\License Aggr.rtf.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\SystemBooster2009 (Free Edition)\Documentation\Read Me.rtf.lnk
Code:
HKEY_CURRENT_USER\Software\SystemBooster2009
HKEY_LOCAL_MACHINE\SOFTWARE\SystemBooster2009
HKEY_LOCAL_MACHINE\SOFTWARE\SystemBooster2009 (Free Edition)
HKEY_CLASSES_ROOT\AppID\{3A9377A6-BE7F-485D-908C-D44114691389}
HKEY_CLASSES_ROOT\AppID\iercpt.DLL
HKEY_CLASSES_ROOT\CLSID\{D4CDC21D-43BE-4101-A1EF-E379F134771E}
HKEY_CLASSES_ROOT\iercpt.iercptbho
HKEY_CLASSES_ROOT\iercpt.iercptbho.1
HKEY_CLASSES_ROOT\Interface\{59C345BA-3D5E-44E3-9D10-D3848AF15D73}
HKEY_CLASSES_ROOT\TypeLib\{A6FBD2E4-1C7E-4EAB-80DD-01DE2645566A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4CDC21D-43BE-4101-A1EF-E379F134771E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickInstallPack
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemBooster2009 (Free Edition)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "QuickInstallPack"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SBR2009F"
HKEY_LOCAL

Borna66
06-28-2009, 10:07 PM
Privacy Commander




Code:
c:\Documents and Settings\Bleeping\Desktop\Privacy Commander.lnk
c:\Documents and Settings\Bleeping\Start Menu\Programs\Privacy Commander
c:\Documents and Settings\Bleeping\Start Menu\Programs\Privacy Commander\Privacy Commander.lnk
c:\Documents and Settings\Bleeping\Start Menu\Programs\Privacy Commander\Uninstall.lnk
c:\Program Files\Privacy Commander
c:\Program Files\Privacy Commander\settings.ini
c:\Program Files\Privacy Commander\sysguard.exe
c:\Program Files\Privacy Commander\tipguard.exe
c:\Program Files\Privacy Commander\uninstall.exe
c:\Program Files\Privacy Commander\img
c:\Program Files\Privacy Commander\img\bg_fixed_de.jpg
c:\Program Files\Privacy Commander\img\bg_fixed_en.jpg
c:\Program Files\Privacy Commander\img\bg_fixed_es.jpg
c:\Program Files\Privacy Commander\img\bg_fixed_it.jpg
c:\Program Files\Privacy Commander\img\bg_licence_de.jpg
c:\Program Files\Privacy Commander\img\bg_licence_en.jpg
c:\Program Files\Privacy Commander\img\bg_licence_es.jpg
c:\Program Files\Privacy Commander\img\bg_licence_it.jpg
c:\Program Files\Privacy Commander\img\bg_main_de.jpg
c:\Program Files\Privacy Commander\img\bg_main_en.jpg
c:\Program Files\Privacy Commander\img\bg_main_es.jpg
c:\Program Files\Privacy Commander\img\bg_main_it.jpg
c:\Program Files\Privacy Commander\img\bg_warning_de.jpg
c:\Program Files\Privacy Commander\img\bg_warning_en.jpg
c:\Program Files\Privacy Commander\img\bg_warning_es.jpg
c:\Program Files\Privacy Commander\img\bg_warning_it.jpg
c:\Program Files\Privacy Commander\img\bt_activate_de.jpg
c:\Program Files\Privacy Commander\img\bt_activate_en.jpg
c:\Program Files\Privacy Commander\img\bt_activate_es.jpg
c:\Program Files\Privacy Commander\img\bt_activate_it.jpg
c:\Program Files\Privacy Commander\img\bt_cancel_de.jpg
c:\Program Files\Privacy Commander\img\bt_cancel_en.jpg
c:\Program Files\Privacy Commander\img\bt_cancel_es.jpg
c:\Program Files\Privacy Commander\img\bt_cancel_it.jpg
c:\Program Files\Privacy Commander\img\bt_fix_de.jpg
c:\Program Files\Privacy Commander\img\bt_fix_en.jpg
c:\Program Files\Privacy Commander\img\bt_fix_es.jpg
c:\Program Files\Privacy Commander\img\bt_fix_it.jpg
c:\Program Files\Privacy Commander\img\bt_ok_de.jpg
c:\Program Files\Privacy Commander\img\bt_ok_en.jpg
c:\Program Files\Privacy Commander\img\bt_ok_es.jpg
c:\Program Files\Privacy Commander\img\bt_ok_it.jpg
c:\Program Files\Privacy Commander\img\bt_silent_de.jpg
c:\Program Files\Privacy Commander\img\bt_silent_en.jpg
c:\Program Files\Privacy Commander\img\bt_silent_es.jpg
c:\Program Files\Privacy Commander\img\bt_silent_it.jpg
c:\Program Files\Privacy Commander\img\bt_upd_de.jpg
c:\Program Files\Privacy Commander\img\bt_upd_en.jpg
c:\Program Files\Privacy Commander\img\bt_upd_es.jpg
c:\Program Files\Privacy Commander\img\bt_upd_it.jpg
c:\Program Files\Privacy Commander\img\bt_update_de.jpg
c:\Program Files\Privacy Commander\img\bt_update_en.jpg
c:\Program Files\Privacy Commander\img\bt_update_es.jpg
c:\Program Files\Privacy Commander\img\bt_update_it.jpg
c:\Program Files\Privacy Commander\lang
c:\Program Files\Privacy Commander\lang\de.lng
c:\Program Files\Privacy Commander\lang\en.lng
c:\Program Files\Privacy Commander\lang\es.lng
c:\Program Files\Privacy Commander\lang\it.lng
c:\Program Files\Privacy Commander\sounds
c:\Program Files\Privacy Commander\sounds\1.mp3
c:\Program Files\Privacy Commander\sounds\2.mp3
c:\Program Files\Privacy Commander\sounds\3.mp3
Code:
HKEY_CURRENT_USER\Software\sysguard
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sysguard
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "tipguard.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"=>

Borna66
06-28-2009, 10:08 PM
Perfect Defender 2009



Code:
c:\Program Files\Perfect Defender 2009
c:\Program Files\Perfect Defender 2009\dbbase.div
c:\Program Files\Perfect Defender 2009\pd.dll
c:\Program Files\Perfect Defender 2009\pdfndr.exe
c:\Program Files\Perfect Defender 2009\pdmonitor.exe
c:\Program Files\Perfect Defender 2009\UnInstall.exe
c:\Documents and Settings\All Users\Start Menu\Perfect Defender 2009.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Perfect Defender 2009
c:\Documents and Settings\All Users\Start Menu\Programs\Perfect Defender 2009\Perfect Defender 2009.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Perfect Defender 2009\Uninstall Perfect Defender 2009.lnk
Code:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PDefender
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Perfect Defender 2009"

Borna66
06-28-2009, 10:08 PM
Nano Antivirus



Code:
c:\uninstallinfo.txt
c:\Documents and Settings\All Users\Application Data\Surround Software Solutions
c:\Documents and Settings\All Users\Application Data\Surround Software Solutions\Nano Antivirus
c:\Documents and Settings\All Users\Application Data\Surround Software Solutions\Nano Antivirus\nanoav.exe
c:\Documents and Settings\All Users\Application Data\Surround Software Solutions\Nano Antivirus\BASE
c:\Documents and Settings\All Users\Application Data\Surround Software Solutions\Nano Antivirus\DELETED
c:\Documents and Settings\All Users\Application Data\Surround Software Solutions\Nano Antivirus\LOG
c:\Documents and Settings\All Users\Application Data\Surround Software Solutions\Nano Antivirus\LOG\20081202135125769.log
c:\Documents and Settings\All Users\Application Data\Surround Software Solutions\Nano Antivirus\SAVED
Code:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\uninstall\Nano Antivirus 3.8
HKEY_CURRENT_USER\Software\Surround Software Solutions\Installer
HKEY_CURRENT_USER\Software\Surround Software Solutions\Nano Antivirus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Nano Antivirus"

Borna66
06-28-2009, 10:09 PM
Secure Expert Cleaner



Code:
c:\uninstallinfo.txt
c:\My Downloads
c:\Program Files\SecureExpertCleaner
c:\Program Files\SecureExpertCleaner\mfc80.dll
c:\Program Files\SecureExpertCleaner\Microsoft.VC80.MFC.manifest
c:\Program Files\SecureExpertCleaner\Reminder.exe
c:\Program Files\SecureExpertCleaner\SEC.exe
c:\Program Files\SecureExpertCleaner\SEC.ico
c:\Program Files\SecureExpertCleaner\SEC.xml
c:\Program Files\SecureExpertCleaner\unins.ico
c:\Program Files\SecureExpertCleaner\unins000.dat
c:\Program Files\SecureExpertCleaner\unins000.exe
c:\Program Files\SecureExpertCleaner\Microsoft.VC80.CRT
c:\Program Files\SecureExpertCleaner\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\Program Files\SecureExpertCleaner\Microsoft.VC80.CRT\msvcp80.dll
c:\Program Files\SecureExpertCleaner\Microsoft.VC80.CRT\msvcr80.dll
c:\Documents and Settings\All Users\Application Data\SEC
c:\Documents and Settings\All Users\Application Data\SEC\base.dat
c:\Documents and Settings\All Users\Desktop\Secure ExpertCleaner.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\SecureExpertCleaner
c:\Documents and Settings\All Users\Start Menu\Programs\SecureExpertCleaner\Launch SecureExpertCleaner.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\SecureExpertCleaner\Uninstall SecureExpertCleaner.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\SecureExpertCleaner.lnk
%UserProfile%\Application Data\SecureExpertCleaner
%UserProfile%\Application Data\SecureExpertCleaner\Logs
%UserProfile%\Application Data\SecureExpertCleaner\Logs\scns.log
%UserProfile%\Desktop\QuickInstallPack.lnk
%UserProfile%\Local Settings\Application Data\qip
%UserProfile%\Local Settings\Application Data\qip\data.ini
%UserProfile%\Local Settings\Application Data\qip\iercpt.dll
%UserProfile%\Local Settings\Application Data\qip\QuickInstallPack.exe
%UserProfile%\Local Settings\Application Data\qip\SecureExpertCleaner_Pandora_Dual_En.exe.ini
%UserProfile%\Start Menu\Programs\QuickInstallPack
%UserProfile%\Start Menu\Programs\QuickInstallPack\QuickInstallPack on the Web.url
%UserProfile%\Start Menu\Programs\QuickInstallPack\QuickInstallPack.lnk
%UserProfile%\Start Menu\Programs\QuickInstallPack\Uninstall QuickInstallPack.lnk
Code:
HKEY_CURRENT_USER\Software\SEC
HKEY_LOCAL_MACHINE\SOFTWARE\SEC
HKEY_CURRENT_USER\Software\SecureExpertCleaner
HKEY_CLASSES_ROOT\AppID\{3A9377A6-BE7F-485D-908C-D44114691389}
HKEY_CLASSES_ROOT\AppID\iercpt.DLL
HKEY_CLASSES_ROOT\CLSID\{D4CDC21D-43BE-4101-A1EF-E379F134771E}
HKEY_CLASSES_ROOT\iercpt.iercptbho
HKEY_CLASSES_ROOT\iercpt.iercptbho.1
HKEY_CLASSES_ROOT\Interface\{59C345BA-3D5E-44E3-9D10-D3848AF15D73}
HKEY_CLASSES_ROOT\TypeLib\{A6FBD2E4-1C7E-4EAB-80DD-01DE2645566A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4CDC21D-43BE-4101-A1EF-E379F134771E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3P_USEC_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickInstallPack
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "QuickInstallPack"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "3P_USEC 1.0.10.8"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Reminder"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SecureExpertCleaner"

Borna66
06-28-2009, 10:09 PM
Winweb Security



Code:
c:\Documents and Settings\All Users\Application Data\WinwebSecurity
c:\Documents and Settings\All Users\Application Data\WinwebSecurity\Languages
c:\Documents and Settings\All Users\Application Data\WinwebSecurity\config.udb
c:\Documents and Settings\All Users\Application Data\WinwebSecurity\init.udb
c:\Documents and Settings\All Users\Application Data\WinwebSecurity\WinwebSecurity.exe
c:\Documents and Settings\All Users\Application Data\WinwebSecurity\Languages\English.lng
Code:
HKEY_CLASSES_ROOT\CLSID\{D5DF7C9D-6069-4552-8B0C-D02A912FC889}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5DF7C9D-6069-4552-8B0C-D02A912FC889}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WinwebSecurity"

Borna66
06-28-2009, 10:09 PM
Extra Antivir



Code:
%UserProfile%\Application Data\Extra Antivir
%UserProfile%\Application Data\install_511_MHwzNnwxMDAwMDAwMDAwfHx8fHx8fHw_
%UserProfile%\Application Data\Extra Antivir\Extra Antivir.ini
%UserProfile%\Application Data\install_511_MHwzNnwxMDAwMDAwMDAwfHx8fHx8fHw_\base.dat
%UserProfile%\Application Data\install_511_MHwzNnwxMDAwMDAwMDAwfHx8fHx8fHw_\base2.dat
%UserProfile%\Application Data\install_511_MHwzNnwxMDAwMDAwMDAwfHx8fHx8fHw_\Desc.dat
%UserProfile%\Application Data\install_511_MHwzNnwxMDAwMDAwMDAwfHx8fHx8fHw_\spline.dat
Code:
HKEY_CURRENT_USER\Software\Extra Antivir

Borna66
06-28-2009, 10:10 PM
AntiSpywareGuard




Code:
c:\Program Files\AntiSpywareGuard
c:\Program Files\AntiSpywareGuard\asg.exe
c:\Program Files\AntiSpywareGuard\asg.ini
c:\Program Files\AntiSpywareGuard\BL.dat
c:\Program Files\AntiSpywareGuard\PP.exe
c:\Program Files\AntiSpywareGuard\WL.dat
c:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareGuard
c:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareGuard\AntiSpywareGuard.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareGuard\Uninstall AntiSpywareGuard.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareGuard.lnk
%UserProfile%\Desktop\AntiSpywareGuard.lnk
Code:
HKEY_CURRENT_USER\Software\AntiSpywareGuard
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiSpywareGuard
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "3P_UASG 1.0.6.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "AntiSpywareGuard"



Borna66
06-28-2009, 10:10 PM
SpywareRemover 2009



Code:
c:\END
c:\Program Files\SpywareRemover2009
c:\Program Files\SpywareRemover2009\cn.exe
c:\Program Files\SpywareRemover2009\cn.xml
c:\Program Files\SpywareRemover2009\InstUp.exe
c:\Program Files\SpywareRemover2009\license.rtf
c:\Program Files\SpywareRemover2009\mfc80.dll
c:\Program Files\SpywareRemover2009\Microsoft.VC80.CRT.manifest
c:\Program Files\SpywareRemover2009\Microsoft.VC80.MFC.manifest
c:\Program Files\SpywareRemover2009\msvcm80.dll
c:\Program Files\SpywareRemover2009\msvcp80.dll
c:\Program Files\SpywareRemover2009\msvcr80.dll
c:\Program Files\SpywareRemover2009\PaymentPage.exe
c:\Program Files\SpywareRemover2009\pv.dat
c:\Program Files\SpywareRemover2009\readme.rtf
c:\Program Files\SpywareRemover2009\settings.ini
c:\Program Files\SpywareRemover2009\SR.exe
c:\Program Files\SpywareRemover2009\SR.xml
c:\Program Files\SpywareRemover2009\unins000.dat
c:\Program Files\SpywareRemover2009\unins000.exe
c:\Program Files\SpywareRemover2009\updateapp.dat
c:\Program Files\SpywareRemover2009\updatedb.dat
c:\Program Files\SpywareRemover2009\Updater.dll
c:\Program Files\SpywareRemover2009\UserAgent.dll
c:\Program Files\SpywareRemover2009\database
c:\Program Files\SpywareRemover2009\database\AutoProcess.dat
c:\Program Files\SpywareRemover2009\database\enemies.dat
c:\Program Files\SpywareRemover2009\database\Summary.dat
c:\Program Files\SpywareRemover2009\database\vbpv.dat
c:\Program Files\SpywareRemover2009\database\quarantine.dat
c:\Program Files\SpywareRemover2009\database\quarantine.dat\#post_quarantine
c:\Program Files\SpywareRemover2009\Quarantine
c:\Program Files\SpywareRemover2009\quaratine.dat
%UserProfile%\Desktop\SpywareRemover2009.lnk
%UserProfile%\Local Settings\Temp\USRM
c:\Documents and Settings\All Users\Application Data\SpywareRemover2009
c:\Documents and Settings\All Users\Application Data\SpywareRemover2009\Data
c:\Documents and Settings\All Users\Application Data\SpywareRemover2009\Data\Abbr
c:\Documents and Settings\All Users\Application Data\SpywareRemover2009\Data\ActivationCode
c:\Documents and Settings\All Users\Application Data\SpywareRemover2009\Data\ProductCode
c:\Documents and Settings\All Users\Start Menu\Programs\SpywareRemover2009
c:\Documents and Settings\All Users\Start Menu\Programs\SpywareRemover2009\Contact customer support.url
c:\Documents and Settings\All Users\Start Menu\Programs\SpywareRemover2009\SpywareRemover2009 Online Manual.url
c:\Documents and Settings\All Users\Start Menu\Programs\SpywareRemover2009\SpywareRemover2009.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\SpywareRemover2009\Uninstall SpywareRemover2009.lnk
Code:
HKEY_CURRENT_USER\Software\SpywareRemover2009
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USRM_is1
HKEY_LOCAL_MACHINE\SOFTWARE\SpywareRemover2009
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "USRM 1.0.165.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SpywareRemover2009"

Borna66
06-28-2009, 10:11 PM
XP Protection Center



Code:
c:\Program Files\XPProtectionCenter
c:\Program Files\XPProtectionCenter\AVEngn.dll
c:\Program Files\XPProtectionCenter\htmlayout.dll
c:\Program Files\XPProtectionCenter\pthreadVC2.dll
c:\Program Files\XPProtectionCenter\Uninstall.exe
c:\Program Files\XPProtectionCenter\wscui.cpl
c:\Program Files\XPProtectionCenter\XPProtectionCenter.cfg
c:\Program Files\XPProtectionCenter\XPProtectionCenter.exe
c:\Program Files\XPProtectionCenter\data
c:\Program Files\XPProtectionCenter\data\daily.cvd
c:\Program Files\XPProtectionCenter\Microsoft.VC80.CRT
c:\Program Files\XPProtectionCenter\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\Program Files\XPProtectionCenter\Microsoft.VC80.CRT\msvcm80.dll
c:\Program Files\XPProtectionCenter\Microsoft.VC80.CRT\msvcp80.dll
c:\Program Files\XPProtectionCenter\Microsoft.VC80.CRT\msvcr80.dll
c:\WINDOWS\agof.sys
c:\WINDOWS\fykutejudi.sys
c:\WINDOWS\nojeneqy.bin
c:\WINDOWS\olis._dl
c:\WINDOWS\totewake.db
c:\WINDOWS\uzoxapylu.reg
c:\WINDOWS\system32\_scui.cpl
c:\WINDOWS\system32\foxubory.dll
c:\WINDOWS\system32\gihakigobu.dat
c:\Documents and Settings\All Users\Application Data\aqugomafa.reg
c:\Documents and Settings\All Users\Application Data\kiwivaxav.inf
c:\Documents and Settings\All Users\Documents\ozipajy.reg
%UserProfile%\Application Data\hewifehaby._dl
%UserProfile%\Application Data\ojas.scr
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\XPProtectionCenter.lnk
%UserProfile%\Cookies\esed._dl
%UserProfile%\Cookies\ogituqiv.dll
%UserProfile%\Cookies\ojow.dll
%UserProfile%\Cookies\zygewusyfa.pif
%UserProfile%\Desktop\XPProtectionCenter.lnk
%UserProfile%\Local Settings\Application Data\aboh.com
%UserProfile%\Local Settings\Application Data\alarefuqe.exe
%UserProfile%\Local Settings\Application Data\mokofyf.exe
%UserProfile%\Local Settings\Application Data\pyxixu.exe
%UserProfile%\Local Settings\Application Data\sefyjemasy.vbs
%UserProfile%\Local Settings\Application Data\tuqijorujo.reg
%UserProfile%\Local Settings\Application Data\weci.bat
%UserProfile%\Local Settings\Temporary Internet Files\lavev.exe
%UserProfile%\Local Settings\Temporary Internet Files\ruhuf.sys
%UserProfile%\Start Menu\Programs\XPProtectionCenter
%UserProfile%\Start Menu\Programs\XPProtectionCenter\Uninstall.lnk
%UserProfile%\Start Menu\Programs\XPProtectionCenter\XPProtectionCenter.lnk
c:\Program Files\Common Files\liguzynaku.pif
c:\Program Files\Common Files\palozace.vbs
c:\Program Files\Common Files\usuk.scr
Code:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XPProtectionCenter
HKEY_LOCAL_MACHINE\SOFTWARE\XPProtectionCenter
HKEY_CURRENT_USER\Control Panel\don't load "scui.cpl"
HKEY_CURRENT_USER\Control Panel\don't load "wscui.cpl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "XP Protection

Borna66
06-28-2009, 10:11 PM
VirusTrigger



Code:
c:\Program Files\VirusTriggerBin
c:\Program Files\VirusTriggerBin\uninst.exe
c:\Program Files\VirusTriggerBin\VirusTriggerBin.exe
c:\Program Files\VirusTriggerBin\VirusTriggerBinWarning.dll
c:\Program Files\WebMediaViewer
c:\Program Files\WebMediaViewer\browseu.exe
c:\Program Files\WebMediaViewer\browseul.dll
c:\Program Files\WebMediaViewer\hpmom.exe
c:\Program Files\WebMediaViewer\hpmon.exe
c:\Program Files\WebMediaViewer\hpmun.dll
c:\Program Files\WebMediaViewer\hpmun.exe
c:\Program Files\WebMediaViewer\myd.ico
c:\Program Files\WebMediaViewer\mym.ico
c:\Program Files\WebMediaViewer\myp.ico
c:\Program Files\WebMediaViewer\myv.ico
c:\Program Files\WebMediaViewer\ot.ico
c:\Program Files\WebMediaViewer\qttask.exe
c:\Program Files\WebMediaViewer\qttaskm.exe
c:\Program Files\WebMediaViewer\qttasku.exe
c:\Program Files\WebMediaViewer\ts.ico
c:\WINDOWS\system32\512686
c:\WINDOWS\system32\512686\512686.dll
c:\WINDOWS\system32\algg.exe
c:\WINDOWS\system32\gowqug.dll
c:\Documents and Settings\All Users\Desktop\Antivirus Scan.url
c:\Documents and Settings\All Users\Desktop\Online Antispyware Test.url
c:\Documents and Settings\All Users\Start Menu\Antivirus Scan.url
c:\Documents and Settings\All Users\Start Menu\Online Antispyware Test.url
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusTrigger 2.1.lnk
%UserProfile%\Desktop\VirusTrigger 2.1.lnk
%UserProfile%\Favorites\Antivirus Scan.url
%UserProfile%\My Documents\My Documents.url
%UserProfile%\My Documents\My Music\My Music.url
%UserProfile%\My Documents\My Pictures\My Pictures.url
%UserProfile%\My Documents\My Videos
%UserProfile%\My Documents\My Videos\My Video.url
%UserProfile%\Start Menu\VirusTrigger 2.1.lnk
%UserProfile%\Start Menu\Programs\VirusTrigger 2.1
%UserProfile%\Start Menu\Programs\VirusTrigger 2.1\VirusTrigger 2.1.lnk
c:\Program Files\Mozilla Firefox\searchplugins\search.xml
Code:
HKEY_CURRENT_USER\Software\VirusTriggerBin
HKEY_CURRENT_USER\Software\WebMediaViewer
HKEY_CLASSES_ROOT\CLSID\{096CBA44-4A4C-49f7-8903-1E75550ABCB7}
HKEY_CLASSES_ROOT\CLSID\{1f3dd9bf-1472-4a8b-b295-b596a597149b}
HKEY_CLASSES_ROOT\CLSID\{2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E}
HKEY_CLASSES_ROOT\CLSID\{51B15F5A-E98B-4658-B9CB-9307B74773A7}
HKEY_CLASSES_ROOT\CLSID\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}
HKEY_CLASSES_ROOT\CLSID\{EE8A3F7B-E4AB-5C41-4926-3FAED82759F5}
HKEY_CLASSES_ROOT\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}
HKEY_CLASSES_ROOT\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
HKEY_CLASSES_ROOT\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
HKEY_CLASSES_ROOT\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}
HKEY_CLASSES_ROOT\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
HKEY_CLASSES_ROOT\VirusTriggerBinWarning.WarningBHO
HKEY_CLASSES_ROOT\VirusTriggerBinWarning.WarningBHO.1
HKEY_CLASSES_ROOT\webmedia.chl
HKEY_CLASSES_ROOT\z444.z444mgr
HKEY_CLASSES_ROOT\z444.z444mgr.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3B8FB116-D358-48A3-A5C7-DB84F15CBB04}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{096CBA44-4A4C-49f7-8903-1E75550ABCB7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51B15F5A-E98B-4658-B9CB-9307B74773A7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer add-on
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Online Alert Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusTriggerBin
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "VirusTriggerBin"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "wblogon"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusTriggerBin "(Default)"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler "{1f3dd9bf-1472-4a8b-b295-b596a597149b}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run "QuickTime Task"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run "VMware hptray"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser "ITBar7Layout

Borna66
06-28-2009, 10:12 PM
Ultra Antivirus 2009



Code:
c:\Program Files\UltraAV
c:\Program Files\UltraAV\UltraAV.cpl
c:\Program Files\UltraAV\UltraAV.exe
c:\Program Files\UltraAV\UltraAV.ooo
c:\Program Files\UltraAV\UltraAV0.dat
c:\Program Files\UltraAV\UltraAV1.dat
c:\Program Files\UltraAV\Uninstall.exe
c:\Documents and Settings\Bleeping\Desktop\Ultra Antivirus 2009.lnk
Code:
HKEY_CLASSES_ROOT\.key
HKEY_CURRENT_USER\Software\UltraAV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UltraAV
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ANTIVIRUS"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ANTIVIRUS"

Borna66
06-28-2009, 10:12 PM
Antivirus Pro 2009



Code:
c:\Program Files\AntivirusPro2009
c:\Program Files\AntivirusPro2009\AntivirusPro2009.cfg
c:\Program Files\AntivirusPro2009\AntivirusPro2009.exe
c:\Program Files\AntivirusPro2009\AVEngn.dll
c:\Program Files\AntivirusPro2009\htmlayout.dll
c:\Program Files\AntivirusPro2009\pthreadVC2.dll
c:\Program Files\AntivirusPro2009\Uninstall.exe
c:\Program Files\AntivirusPro2009\wscui.cpl
c:\Program Files\AntivirusPro2009\data
c:\Program Files\AntivirusPro2009\data\daily.cvd
c:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT
c:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT\msvcm80.dll
c:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT\msvcp80.dll
c:\Program Files\AntivirusPro2009\Microsoft.VC80.CRT\msvcr80.dll
c:\Documents and Settings\Bleeping\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro2009.lnk
c:\Documents and Settings\Bleeping\Desktop\AntivirusPro2009.lnk
c:\Documents and Settings\Bleeping\Start Menu\Programs\AntivirusPro2009
c:\Documents and Settings\Bleeping\Start Menu\Programs\AntivirusPro2009\AntivirusPro2009.lnk
c:\Documents and Settings\Bleeping\Start Menu\Programs\AntivirusPro2009\Uninstall.lnk
c:\WINDOWS\dyxad.bat
c:\WINDOWS\gutysolyk.dll
c:\WINDOWS\oheva._dl
c:\WINDOWS\uhuleko.bat
c:\WINDOWS\ulysi.bin
c:\WINDOWS\votadiboz.sys
c:\WINDOWS\xocorepen.lib
c:\WINDOWS\system32\_scui.cpl
c:\WINDOWS\system32\mehydohahe.scr
c:\WINDOWS\system32\owah.bat
c:\WINDOWS\system32\uquhoti.reg
c:\WINDOWS\system32\zuxeme._dl
c:\Program Files\Common Files\buryleto.dll
c:\Documents and Settings\All Users\Application Data\cyqi.sys
c:\Documents and Settings\All Users\Application Data\gemegiqyno.ban
c:\Documents and Settings\All Users\Application Data\pisijupag.dll
c:\Documents and Settings\All Users\Application Data\pymom.lib
c:\Documents and Settings\All Users\Application Data\wivodexy.reg
c:\Documents and Settings\All Users\Application Data\yzotuxeka.vbs
c:\Documents and Settings\Bleeping\Application Data\ydutufuj.inf
c:\Documents and Settings\Bleeping\Local Settings\Application Data\coziguduca._sy
c:\Documents and Settings\Bleeping\Local Settings\Application Data\fapeka._dl
c:\Documents and Settings\Bleeping\Local Settings\Application Data\gukusozy.sys
c:\Documents and Settings\Bleeping\Local Settings\Application Data\iluqopohaz.ban
Code:
HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusPro2009
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro2009
HKEY_CURRENT_USER\Control Panel\don't load "scui.cpl"
HKEY_CURRENT_USER\Control Panel\don't load "wscui.cpl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Antivirus Pro 2009"

Borna66
06-28-2009, 10:12 PM
Personal Defender 2009



Code:
c:\Program Files\Personal Defender 2009
c:\Program Files\Personal Defender 2009\dbbase.div
c:\Program Files\Personal Defender 2009\pdefendr.exe
%UserProfile%\Desktop\sccmsk.dll
%UserProfile%\Local Settings\Temp\ikbmqvex.exe
c:\Documents and Settings\Bleeping\Start Menu\Programs\Personal Defender 2009
c:\Documents and Settings\Bleeping\Start Menu\Personal Defender 2009.lnk
c:\Documents and Settings\Bleeping\Start Menu\Programs\Personal Defender 2009\Personal Defender 2009.lnk
Code:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "asus32"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PDefender
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Personal Defender 2009"

Borna66
06-28-2009, 10:13 PM
WinDefender 2009



Code:
c:\WINDOWS\k.txt
c:\Program Files\WinDefender
c:\Program Files\WinDefender\uninstall.exe
c:\Program Files\WinDefender\windef.exe
c:\Program Files\WinDefender\WinDefender.s1
c:\Program Files\WinDefender\WinDefender.s2
c:\Program Files\WinDefender\WinDefender.s3
c:\Program Files\WinDefender\WinDefender.s4
c:\Program Files\WinDefender\WinDefender.s5
c:\Program Files\WinDefender\WinDefender.s6
%UserProfile%\Desktop\WinDefender 2009.lnk
%UserProfile%\Start Menu\Programs\WinDefender 2009.lnk
Code:
HKEY_CURRENT_USER\Software\WinDefender2009
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDefender 2009
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "WinDefender2009"

Borna66
06-28-2009, 10:13 PM
Real Antivirus




Code:
c:\Program Files\RealAV
c:\Program Files\RealAV\RealAV.exe
c:\Program Files\RealAV\vscan.tsi
c:\Program Files\RealAV\zlib.dll
c:\Program Files\RealAV\Infected
c:\Program Files\RealAV\Suspicious
%UserProfile%\Desktop\RealAV.lnk
%UserProfile%\Start Menu\Programs\RealAV
%UserProfile%\Start Menu\Programs\RealAV\RealAV.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\RealAV.lnk
Code:
HKEY_CURRENT_USER\Software\RealAV
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "RealAV.exe"



Borna66
06-28-2009, 10:14 PM
AntiSpywareXP 2009


Code:
c:\Program Files\AntiSpywareXP2009
c:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.cfg
c:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.exe
c:\Program Files\AntiSpywareXP2009\AVEngn.dll
c:\Program Files\AntiSpywareXP2009\htmlayout.dll
c:\Program Files\AntiSpywareXP2009\pthreadVC2.dll
c:\Program Files\AntiSpywareXP2009\Uninstall.exe
c:\Program Files\AntiSpywareXP2009\wscui.cpl
c:\Program Files\AntiSpywareXP2009\data
c:\Program Files\AntiSpywareXP2009\data\daily.cvd
c:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT
c:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcm80.dll
c:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcp80.dll
c:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcr80.dll
c:\Program Files\Common Files\esylol.pif
c:\Program Files\Common Files\xycyq.lib
c:\Program Files\Common Files\ymasum.vbs
c:\Program Files\Common Files\yxeg.dl
c:\WINDOWS\orezytoni.lib
c:\WINDOWS\orybug.sys
c:\WINDOWS\uxuwel.bat
c:\WINDOWS\system32\_scui.cpl
c:\WINDOWS\system32\eqakok.bat
c:\WINDOWS\system32\icumodypah._dl
c:\WINDOWS\system32\ygawufyx._sy
c:\Documents and Settings\All Users\Application Data\ixob.inf
c:\Documents and Settings\All Users\Application Data\ojubytu.pif
c:\Documents and Settings\All Users\Application Data\otycybyw._sy
c:\Documents and Settings\All Users\Documents\ogaqanyrim.ban
c:\Documents and Settings\All Users\Documents\pafyrunyt.scr
%UserProfile%\Application Data\afosaqim.ban
%UserProfile%\Application Data\cuzaryve.db
%UserProfile%\Application Data\emisom.dat
%UserProfile%\Application Data\ubir.bat
%UserProfile%\Application Data\ubofih.scr
%UserProfile%\Application Data\uhadi.bat
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareXP2009.lnk
%UserProfile%\Cookies\dutyfal._dl
%UserProfile%\Desktop\AntiSpywareXP2009.lnk
%UserProfile%\Local Settings\Application Data\otux.inf
%UserProfile%\Local Settings\Application Data\qefufa.bat
%UserProfile%\Start Menu\Programs\AntiSpywareXP2009
%UserProfile%\Start Menu\Programs\AntiSpywareXP2009\AntiSpywareXP2009.lnk
%UserProfile%\Start Menu\Programs\AntiSpywareXP2009\Uninstall.lnk
Code:
HKEY_LOCAL_MACHINE\SOFTWARE\AntiSpywareXP2009
HKEY_CURRENT_USER\Control Panel\don't load "scui.cpl"
HKEY_CURRENT_USER\Control Panel\don't load "wscui.cpl"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "AntiSpywareXP 2009"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiSpywareXP2009

Borna66
06-28-2009, 10:14 PM
AntiSpy 2008



Code:
c:\Documents and Settings\All Users\Desktop\Launch Antispy 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\AntiSpy
c:\Documents and Settings\All Users\Start Menu\Programs\AntiSpy\AntiSpy 2008
c:\Documents and Settings\All Users\Start Menu\Programs\AntiSpy\AntiSpy 2008\Launch Antispy 2008.lnk
c:\Program Files\AntiSpy
c:\Program Files\AntiSpy 2008
c:\Program Files\AntiSpy\AntiSpy2008
c:\Program Files\AntiSpy 2008\Antispy2008.exe
c:\Program Files\AntiSpy 2008\info.bin
c:\Program Files\AntiSpy 2008\resources.bin
Code:
HKEY_LOCAL_MACHINE\SOFTWARE\AntiSpy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DA7C0B96-87EF-484A-B67C-EBF12E666C2F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "AntiSpy2008"

Borna66
06-28-2009, 10:15 PM
Antivirus Plus



Code:
c:\WINDOWS\system\rundll32.exe

Borna66
06-28-2009, 10:15 PM
Pro Antispyware 2009



Code:
O2 - BHO: mxlivemedia browser enhancer - {FDA08241-09F3-2DBE-22B1-5B44B581231C} - C:\WINDOWS\system32\gisyflngpshcvuakv.dll
O4 - HKLM\..\Run: [mfhsornwnduy] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\gisyflngpshcvuakv.dll"
O4 - HKCU\..\Run: [Pro Antispyware 2009] "C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\proas2009.exe" /autorun
Code:
HKEY_CURRENT_USER\Software\{EBFF3366-F653-ACA1-0798-E062A58FA824}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDA08241-09F3-2DBE-22B1-5B44B581231C}
HKEY_CURRENT_USER\Software\Solt Lake Software
HKEY_CLASSES_ROOT\CLSID\{FDA08241-09F3-2DBE-22B1-5B44B581231C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDA08241-09F3-2DBE-22B1-5B44B581231C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uzymaulreqvtfzbe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "mfhsornwnduy"

Borna66
06-28-2009, 10:15 PM
Security 2009



Code:
c:\Program Files\Security 2009
c:\Program Files\Security 2009\uninst.exe
%UserProfile%\Desktop\Security 2009.lnk
%UserProfile%\Application Data\install.exe
%UserProfile%\Application Data\Security2009.exe
%UserProfile%\Application Data\Security2009
%UserProfile%\Application Data\Security2009\SC_Base_new.dat
%UserProfile%\Application Data\Security2009\SC_Config.ini
%UserProfile%\Start Menu\Programs\Security 2009
%UserProfile%\Start Menu\Programs\Security 2009\Purchase License.url
%UserProfile%\Start Menu\Programs\Security 2009\Security 2009.lnk
%UserProfile%\Start Menu\Programs\Security 2009\Support Page.url
Code:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Secure
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Security 2009.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security 2009
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Security 2009"

Borna66
06-28-2009, 10:15 PM
SpyProtector



Code:
c:\Program Files\Spy Protector
%UserProfile%\Application Data\install.exe
%UserProfile%\Application Data\shellex.dll
%UserProfile%\Application Data\srcss.exe
%UserProfile%\Application Data\Mozilla\Firefox\Profiles\s1jqw0bz.default\parent.lock
%UserProfile%\Application Data\Mozilla\Firefox\Profiles\s1jqw0bz.default\bookmarkbackups\bookmarks-2008-10-19.html
%UserProfile%\Application Data\SpyProtector
%UserProfile%\Application Data\SpyProtector\SC_Base_new.dat
%UserProfile%\Application Data\SpyProtector\SC_Config.ini
%UserProfile%\Desktop\Spy Protector.lnk
%UserProfile%\Start Menu\Programs\Spy Protector
%UserProfile%\Start Menu\Programs\Spy Protector\Purchase License.url
%UserProfile%\Start Menu\Programs\Spy Protector\Spy Protector.lnk
%UserProfile%\Start Menu\Programs\Spy Protector\Support Page.url
Code:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SpyProtector
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Spy Protector
HKEY_CLASSES_ROOT\CLSID\{107A1D63-2EAA-4694-8ABA-EC209C630D83}
HKEY_CLASSES_ROOT\CLSID\{CBE202A6-3B75-4189-B161-9B4DF370BEE9}
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\Spy Protector
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\Spy Protector
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\srcss.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBE202A6-3B75-4189-B161-9B4DF370BEE9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Spy Protector"

Borna66
06-28-2009, 10:16 PM
PC Defender 2008



Code:
c:\Program Files\thcrkrj0etfg
c:\Program Files\thcrkrj0etfg\database.dat
c:\Program Files\thcrkrj0etfg\license.txt
c:\Program Files\thcrkrj0etfg\MFC71.dll
c:\Program Files\thcrkrj0etfg\MFC71ENU.DLL
c:\Program Files\thcrkrj0etfg\msvcp71.dll
c:\Program Files\thcrkrj0etfg\msvcr71.dll
c:\Program Files\thcrkrj0etfg\thcrkrj0etfg.exe
c:\Program Files\thcrkrj0etfg\thcrkrj0etfg.exe.local
c:\Program Files\thcrkrj0etfg\uninstall.exe
c:\Documents and Settings\All Users\Desktop\PC Defender 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\PC Defender 2008
c:\Documents and Settings\All Users\Start Menu\Programs\PC Defender 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\PC Defender 2008\How to Register PC Defender 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\PC Defender 2008\License Agreement.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\PC Defender 2008\PC Defender 2008.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\PC Defender 2008\Register PC Defender 2008.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Defender 2008.lnk
%UserProfile%\Application Data\thcrkrj0etfg
%UserProfile%\Application Data\thcrkrj0etfg\Quarantine
%UserProfile%\Application Data\thcrkrj0etfg\Quarantine\Autorun
%UserProfile%\Application Data\thcrkrj0etfg\Quarantine\Autorun\HKCU
%UserProfile%\Application Data\thcrkrj0etfg\Quarantine\Autorun\HKCU\RunOnce
%UserProfile%\Application Data\thcrkrj0etfg\Quarantine\Autorun\HKLM
%UserProfile%\Application Data\thcrkrj0etfg\Quarantine\Autorun\HKLM\RunOnce
%UserProfile%\Application Data\thcrkrj0etfg\Quarantine\Autorun\StartMenuAllUsers
%UserProfile%\Application Data\thcrkrj0etfg\Quarantine\Autorun\StartMenuCurrentUser
%UserProfile%\Application Data\thcrkrj0etfg\Quarantine\BrowserObjects
%UserProfile%\Application Data\thcrkrj0etfg\Quarantine\Packages
Code:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\thcrkrj0etfg
HKEY_LOCAL_MACHINE\SOFTWARE\thcrkrj0etfg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform "pcdefender2008"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SMthcrkrj0etfg"

Borna66
06-28-2009, 10:16 PM
Antivirus Plasma



Code:
c:\Program Files\Antivirus Plasma
c:\Program Files\Antivirus Plasma\Antivirus.exe
%UserProfile%\Start Menu\Programs\Antivirus Plasma
%UserProfile%\Start Menu\Programs\Antivirus Plasma\Antivirus Plasma.lnk
Code:
HKEY_CURRENT_USER\Software\Antivirus Plasma
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "avpl"

Borna66
06-28-2009, 10:17 PM
RapidAntivirus



Code:
%UserProfile%\Application Data\Rapid Antivirus
%UserProfile%\Application Data\install_511_MHw0MXwwfHx8fHx8fHw_
%UserProfile%\Application Data\install_511_MHw0MXwwfHx8fHx8fHw_\base.dat
%UserProfile%\Application Data\install_511_MHw0MXwwfHx8fHx8fHw_\base2.dat
%UserProfile%\Application Data\install_511_MHw0MXwwfHx8fHx8fHw_\Desc.dat
%UserProfile%\Application Data\install_511_MHw0MXwwfHx8fHx8fHw_\spline.dat
%UserProfile%\Application Data\Rapid Antivirus\Rapid Antivirus.ini
Code:
HKEY_CURRENT_USER\Software\Rapid Antivirus