دويتو غريب
Brothers, the problem is clear from the thread title.
And here are the reports:
ComboFix 09-06-04.09 - user 06/05/2009 18:04.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.223.110 [GMT 3:00]
Running from: c:\documents and settings\user\سطح المكتب\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-05-05 to 2009-06-05 )))))))))))))))))))))))))))))))
.
2009-06-05 14:57 . 2009-06-05 14:58 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Ashampoo AudioCD MP3 Studio 3
2009-06-05 14:57 . 2009-06-05 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-06-05 14:57 . 2009-06-05 14:57 -------- d-----w- c:\program files\Yahoo!
2009-06-05 14:57 . 2009-06-05 14:57 -------- d-----w- c:\program files\Ashampoo
2009-06-03 20:21 . 2009-06-03 20:23 -------- d-----w- c:\program files\The KMPlayer
2009-06-03 14:08 . 2006-01-26 05:26 196608 ----a-w- c:\windows\system32\DartSecureFtp.dll
2009-06-03 14:08 . 2006-01-26 05:26 196608 ----a-w- c:\windows\system32\DartFtp.dll
2009-06-03 14:08 . 2006-01-26 05:26 327680 ----a-w- c:\windows\system32\DartZip.dll
2009-06-03 14:08 . 2006-01-26 05:24 196608 ----a-w- c:\windows\system32\DartSecure2.dll
2009-06-03 14:08 . 2006-01-26 05:24 221184 ----a-w- c:\windows\system32\DartSock.dll
2009-06-03 14:08 . 2006-01-26 05:24 155648 ----a-w- c:\windows\system32\DartCertificate.dll
2009-06-03 14:08 . 2005-06-02 11:36 276352 ----a-w- c:\windows\system32\XceedSco.dll
2009-06-03 14:08 . 2000-12-06 06:59 316344 ----a-w- c:\windows\system32\TDBGPP.DLL
2009-06-03 14:08 . 1998-04-23 20:00 287504 ----a-w- c:\windows\system32\MSXBSE.dll
2009-06-03 14:08 . 2009-06-03 14:08 -------- d-----w- c:\program files\SOFTplus
2009-06-03 14:08 . 1998-04-23 20:00 368912 ----a-w- c:\windows\system32\vbar332.dll
2009-05-30 11:21 . 2009-05-30 11:21 -------- d-----w- c:\program files\Winsyntax
2009-05-27 15:25 . 2009-02-05 21:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-05-27 15:25 . 2009-02-05 21:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-05-27 15:25 . 2009-02-05 21:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-05-27 15:25 . 2009-02-05 21:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-05-27 15:25 . 2009-02-05 21:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-05-27 15:25 . 2009-02-05 21:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-05-27 15:25 . 2009-02-05 21:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-05-27 15:25 . 2009-02-05 21:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-05-27 15:24 . 2009-02-05 21:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-05-26 20:16 . 2009-05-26 20:16 390664 ----a-w- c:\documents and settings\user\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-26 19:02 . 2009-05-26 19:02 -------- d-----w- c:\windows\Muslim Bag
2009-05-26 19:02 . 2009-05-26 19:02 -------- d-----w- c:\program files\Muslim Bag
2009-05-24 16:19 . 2009-03-24 13:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-23 20:54 . 2009-05-23 20:54 -------- d-----w- c:\program files\Google SiteMap Builder
2009-05-23 20:54 . 2002-07-26 15:02 62464 ----a-w- C:\UNWISE.EXE
2009-05-23 11:02 . 2009-05-23 11:02 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Opera
2009-05-23 11:02 . 2009-05-23 16:04 -------- d-----w- c:\program files\Opera
2009-05-23 09:14 . 2009-05-23 09:14 592 ----a-w- c:\windows\chgkey.vbs
2009-05-23 09:11 . 2009-05-23 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-05-22 10:21 . 2009-05-22 11:03 -------- d-----w- c:\documents and settings\user\Application Data\GetRightToGo
2009-05-22 10:02 . 2009-05-22 10:02 -------- d-----w- C:\OutputFolder
2009-05-20 20:50 . 2009-05-22 11:03 -------- d-----w- c:\program files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2009-05-19 17:44 . 2009-05-19 17:44 -------- d-----w- C:\winnt
2009-05-19 17:44 . 2009-05-19 17:44 -------- d-----w- C:\phptriad
2009-05-19 17:44 . 2009-05-19 17:44 -------- d-----w- C:\apache
2009-05-19 16:40 . 2000-05-14 19:45 73728 ----a-w- c:\windows\system32\fast2004.dll
2009-05-19 14:22 . 2009-05-19 14:22 198064 ----a-w- c:\documents and settings\user\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-05-19 14:22 . 2009-06-01 20:18 -------- d-----w- c:\documents and settings\user\Application Data\IDM
2009-05-19 14:22 . 2009-06-05 15:09 -------- d-----w- c:\documents and settings\user\Application Data\DMCache
2009-05-19 14:22 . 2009-05-30 16:25 -------- d-----w- c:\program files\Internet Download Manager
2009-05-17 17:43 . 2004-08-03 21:55 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-05-17 17:43 . 2004-08-03 21:55 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-05-17 17:43 . 2004-08-03 21:45 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-05-17 17:43 . 2004-08-03 21:45 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-05-17 17:43 . 2001-08-17 11:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-05-17 17:43 . 2001-08-17 11:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-05-17 17:43 . 2004-08-03 20:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-05-17 17:43 . 2004-08-03 20:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-05-16 20:33 . 2009-05-27 19:46 -------- d-----w- c:\program files\aeY
2009-05-13 21:40 . 2000-01-24 02:01 453632 ----a-w- c:\windows\system32\stdvcl40.dll
2009-05-13 21:40 . 2009-05-13 21:41 -------- d-----w- c:\program files\Web CEO
2009-05-07 07:42 . 2009-03-26 15:35 210352 ----a-w- c:\windows\system32\idmmbc.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 19:13 . 2001-09-19 15:00 40940 ----a-w- c:\windows\system32\perfc001.dat
2009-05-31 19:13 . 2001-09-19 15:00 254130 ----a-w- c:\windows\system32\perfh001.dat
2009-05-31 16:27 . 2009-03-07 21:26 -------- d-----w- c:\documents and settings\user\Application Data\cleaner
2009-05-27 15:56 . 2009-05-16 20:33 25073 ----a-w- c:\documents and settings\user\Application Data\YV.dat
2009-05-25 20:25 . 2005-01-13 14:54 166088 ----a-w- c:\documents and settings\user\Application Data\Thinstall\Microsoft Office FrontPage 2003\%drive_K%\MSOCache\All Users\microsoft.watson.alrtintl.data\AlrtIntl.dll
2009-05-24 17:34 . 2009-03-30 17:14 -------- d-----w- c:\documents and settings\user\Application Data\AdminSend
2009-05-24 17:34 . 2009-03-02 15:09 -------- d-----w- c:\program files\Circle Developement
2009-05-24 16:22 . 2009-03-30 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\STORE LESS JUGS SURF
2009-05-16 00:20 . 2009-03-30 11:09 -------- d-----w- c:\program files\SiteMap Generator
2009-05-15 17:27 . 2009-03-02 15:05 -------- d-----w- c:\program files\GRETECH
2009-05-15 10:06 . 2009-03-02 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-14 10:21 . 2009-03-02 17:13 -------- d-----w- c:\program files\Google
2009-05-13 21:37 . 2009-03-07 20:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-13 21:37 . 2009-03-28 10:46 -------- d-----w- c:\program files\SEO Studio
2009-04-14 19:35 . 2009-03-02 15:05 -------- d-----w- c:\program files\Common Files\Real
2009-04-14 19:35 . 2009-04-14 19:35 -------- d-----w- c:\program files\Common Files\xing shared
2009-04-14 19:31 . 2009-04-14 19:31 -------- d-----w- c:\program files\AdminSend
2009-04-14 19:31 . 2009-04-12 06:30 -------- d-----w- c:\program files\GSA Auto Website Submitter
2009-03-27 01:36 . 2009-03-27 01:36 34304 ----a-w- c:\documents and settings\user\Application Data\Thinstall\Microsoft Office FrontPage 2003\4000001300002i\GoogleToolbarNotifier.exe
2009-03-27 01:36 . 2009-03-27 01:36 34304 ----a-w- c:\documents and settings\user\Application Data\Thinstall\Microsoft Office FrontPage 2003\4000009c00002i\IEXPLORE.EXE
2009-03-22 12:17 . 2009-03-22 12:17 34304 ----a-w- c:\documents and settings\user\Application Data\Thinstall\Microsoft Office FrontPage 2003\3000000043900002i\FRONTPG.EXE
2009-03-10 19:33 . 2009-03-02 14:51 139024 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-09 18:20 . 2009-03-09 18:20 1915520 ----a-w- c:\documents and settings\user\Application Data\Macromedia\Flash Player\
2009-03-09 01:53 . 2009-03-09 01:53 34304 ----a-w- c:\documents and settings\user\Application Data\Thinstall\Microsoft Office FrontPage 2003\10000001500002i\msiexec.exe
2009-03-07 22:47 . 2009-03-02 17:27 90112 ----a-w- c:\windows\DUMP4cf7.tmp
2009-03-07 22:46 . 2009-03-02 17:27 90112 ----a-w- c:\windows\DUMP5227.tmp
2009-03-07 22:11 . 2009-03-07 22:11 2678 ----a-w- c:\windows\java\Packages\Data\2MLF9FH7.DAT
2009-03-07 22:11 . 2009-03-07 22:11 2678 ----a-w- c:\windows\java\Packages\Data\CFRLFD3V.DAT
2009-03-07 22:11 . 2009-03-07 22:11 2678 ----a-w- c:\windows\java\Packages\Data\2WY83TJZ.DAT
2009-03-07 22:11 . 2009-03-07 22:11 2678 ----a-w- c:\windows\java\Packages\Data\Q21NJ3DZ.DAT
2009-03-07 22:11 . 2009-03-07 22:11 2678 ----a-w- c:\windows\java\Packages\Data\KRNHVRX7.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-03-31_23.16.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-06 23:19 . 2007-11-06 23:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 03:07 . 2008-07-29 03:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 03:07 . 2008-07-29 03:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2000-08-24 18:44 . 2000-08-24 18:44 78848 c:\windows\system32\xmltok.dll
+ 2000-08-24 18:44 . 2000-08-24 18:44 40960 c:\windows\system32\xmlparse.dll
+ 2008-10-24 16:33 . 1998-06-17 21:00 89360 c:\windows\system32\VB5DB.dll
- 2009-03-06 20:06 . 2007-11-30 12:39 17784 c:\windows\system32\spmsg.dll
+ 2009-03-06 20:06 . 2008-07-08 12:58 17784 c:\windows\system32\spmsg.dll
+ 2001-09-19 15:00 . 2009-05-31 19:13 40836 c:\windows\system32\perfc009.dat
- 2004-08-03 22:58 . 2004-08-03 22:58 61440 c:\windows\system32\msvcrt40.dll
+ 2004-08-04 11:00 . 2004-08-04 11:00 61440 c:\windows\system32\msvcrt40.dll
+ 1997-09-08 00:13 . 1997-09-08 00:13 57344 c:\windows\system32\mSQL.dll
+ 2008-10-24 16:33 . 1999-06-10 06:34 24848 c:\windows\system32\MSJtEr35.dll
+ 2004-08-04 00:55 . 2005-05-04 11:45 15360 c:\windows\system32\msisip.dll
+ 2004-08-04 00:56 . 2005-05-04 11:45 78848 c:\windows\system32\msiexec.exe
+ 2000-10-22 04:41 . 2000-10-22 04:41 40960 c:\windows\system32\libsasl.dll
+ 2000-09-27 01:28 . 2000-09-27 01:28 40448 c:\windows\system32\libpq.dll
+ 2000-11-30 04:32 . 2000-11-30 04:32 15872 c:\windows\system32\gnu_gettext.dll
+ 2004-08-04 11:00 . 2004-08-04 11:00 61440 c:\windows\system32\dllcache\msvcrt40.dll
- 2004-08-03 22:58 . 2004-08-03 22:58 61440 c:\windows\system32\dllcache\msvcrt40.dll
+ 2004-08-04 00:55 . 2005-05-04 11:45 15360 c:\windows\system32\dllcache\msisip.dll
+ 2004-08-04 00:56 . 2005-05-04 11:45 78848 c:\windows\system32\dllcache\msiexec.exe
+ 2008-07-29 05:05 . 2008-07-29 05:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 00:54 . 2008-07-29 00:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2001-05-16 22:17 . 2001-05-16 22:17 188416 c:\windows\system32\ssleay32.dll
+ 2001-09-19 20:52 . 2001-09-19 20:52 192512 c:\windows\system32\sablot.dll
+ 2009-03-02 15:06 . 2008-09-10 18:56 185920 c:\windows\system32\rmoc3260.dll
+ 2005-07-24 20:40 . 2005-07-24 20:40 151552 c:\windows\system32\RDOCURS.DLL
- 2000-04-03 14:52 . 2000-04-03 14:52 151552 c:\windows\system32\RDOCURS.DLL
+ 2001-09-19 15:00 . 2009-05-31 19:13 314508 c:\windows\system32\perfh009.dat
+ 2001-07-07 03:11 . 2001-07-07 03:11 479232 c:\windows\system32\pdflib.dll
+ 2000-02-08 10:44 . 2000-02-08 10:44 278800 c:\windows\system32\ntwdblib.dll
+ 2008-10-24 16:33 . 1998-06-01 11:37 294912 c:\windows\system32\msxbse35.dll
+ 2008-10-24 16:33 . 1999-09-30 17:21 166672 c:\windows\system32\mstext35.dll
+ 2008-10-24 16:33 . 1999-08-25 11:57 415504 c:\windows\system32\MsRepl35.dll
+ 2005-07-24 20:40 . 1998-10-19 22:00 393216 c:\windows\system32\MSRDO20.DLL
+ 2008-10-24 16:33 . 1998-06-01 11:37 262144 c:\windows\system32\MSRD2x35.dll
+ 2008-10-24 16:33 . 1999-09-09 19:06 168720 c:\windows\system32\msltus35.dll
+ 2008-10-24 16:33 . 1999-06-10 06:34 123664 c:\windows\system32\MSJInt35.dll
- 2004-08-04 00:54 . 2004-08-04 00:54 884736 c:\windows\system32\msimsg.dll
+ 2004-08-04 00:54 . 2005-05-04 11:45 884736 c:\windows\system32\msimsg.dll
+ 2004-08-04 00:55 . 2005-05-04 11:45 271360 c:\windows\system32\msihnd.dll
+ 2008-10-24 16:33 . 1999-09-09 19:06 252688 c:\windows\system32\msexcl35.dll
+ 2008-10-24 16:33 . 1998-06-01 11:37 344064 c:\windows\system32\msexch35.dll
+ 2001-08-16 18:04 . 2001-08-16 18:04 167936 c:\windows\system32\ming.dll
+ 2001-07-26 19:44 . 2001-07-26 19:44 475136 c:\windows\system32\libxml2.dll
+ 2001-05-16 22:16 . 2001-05-16 22:16 860160 c:\windows\system32\libeay32.dll
+ 2000-10-07 06:41 . 2000-10-07 06:41 747486 c:\windows\system32\iconv-1.3.dll
+ 1999-11-24 13:00 . 1999-11-24 13:00 361984 c:\windows\system32\gds32.dll
+ 1999-05-24 11:26 . 1999-05-24 11:26 317440 c:\windows\system32\FdfTk.dll
+ 2000-10-22 18:26 . 2000-10-22 18:26 438334 c:\windows\system32\expat.dll
+ 2004-08-04 00:54 . 2005-05-04 11:45 884736 c:\windows\system32\dllcache\msimsg.dll
- 2004-08-04 00:54 . 2004-08-04 00:54 884736 c:\windows\system32\dllcache\msimsg.dll
+ 2004-08-04 00:55 . 2005-05-04 11:45 271360 c:\windows\system32\dllcache\msihnd.dll
+ 2009-05-26 19:02 . 2009-05-26 19:02 575488 c:\windows\Muslim Bag\uninstall.exe
+ 2008-07-29 05:05 . 2008-07-29 05:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2009-04-14 19:12 . 2009-04-14 19:36 1557976 c:\windows\system32\Restore\rstrlog.dat
+ 2001-12-30 21:27 . 2001-12-30 21:27 1155072 c:\windows\system32\php4ts.dll
+ 2004-08-04 00:55 . 2004-02-23 17:42 1386496 c:\windows\system32\MSVBVM60.DLL
+ 2008-10-24 16:33 . 1999-09-28 18:42 1050896 c:\windows\system32\MSJet35.dll
+ 2004-08-04 00:55 . 2005-05-04 11:45 2890240 c:\windows\system32\msi.dll
+ 2004-08-04 00:55 . 2005-05-04 11:45 2890240 c:\windows\system32\dllcache\msi.dll
- 2009-03-22 11:34 . 2007-04-17 09:32 2455488 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\ieapfltr.dat
+ 2009-03-22 11:34 . 2008-07-09 14:25 2455488 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\ieapfltr.dat
+ 2009-03-07 22:11 . 2009-05-07 07:16 24699336 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 5728112]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-07 2807216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-02 185896]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\user\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
WinMySQLadmin.lnk - c:\apache\mysql\bin\winmysqladmin.exe [2001-11-3 1167872]
c:\documents and settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-2 113664]
AudioDeck.lnk - c:\program files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2009-3-2 581632]
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2006-3-14 5517312]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^AudioDeck.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\AudioDeck.lnk
backup=c:\windows\pss\AudioDeck.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\LeapFTP\\LeapFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\apache\\Apache.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27/05/2009 06:25 م 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/05/2009 06:25 م 20560]
R2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [25/01/2002 07:30 ص 20480]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 Vsp;Vsp;c:\windows\system32\drivers\vsp.sys [02/03/2009 06:00 م 3351]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CBAC77DA-FFBF-5C72-BAD5-AB50870618D3}]
c:\program files\aeY\playeUr.exe s
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Grey soft - c:\docume~1\user\APPLIC~1\ADMINS~1\MetaTime.exe
HKLM-Run-Jugs Surf Inter Media - c:\documents and settings\All Users\Application Data\STORE LESS JUGS SURF\aim grim.exe
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local;<local>
uInternet Settings,ProxyServer = 24.93.255.199:1182
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
DPF: Microsoft XML Parser for Java -
DPF: {7253A666-804A-1107-A4DC-00E04C504781} - hxxp://66.228.123.202/bmc.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-06-05 18:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/apache/mysql/bin/mysqld-nt.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/apache/mysql/bin/mysqld-nt.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{127039e3-f295-4b01-b00c-18dfae0d587a}]
@Denied: (Full) (Everyone)
"Model"=dword:0000009a
"Therad"=dword:00000013
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):dd,fd,50,27,3f,12,58,38,1b,09,b7,33,75,23,9d,bd,96,37,4f,ad,3f,
34,4a,7e,81,28,74,12,ca,17,32,87,25,e4,6f,a6,1c,da,47,a7,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(328)
c:\windows\system32\msi.dll
.
Completion time: 2009-06-05 18:12
ComboFix-quarantined-files.txt 2009-06-05 15:11
ComboFix2.txt 2009-05-10 21:06
ComboFix3.txt 2009-03-31 23:21
ComboFix4.txt 2009-03-08 10:45
ComboFix5.txt 2009-05-17 21:10
Pre-Run: 28,666,937,344 bytes free
Post-Run: 29,072,556,032 bytes free
292 --- E O F --- 2009-05-22 00:00
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:13:26 م, on 05/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\apache\mysql\bin\mysqld-nt.exe
c:\apache\APACHE.EXE
c:\apache\APACHE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\apache\mysql\bin\winmysqladmin.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
D:\خاص\برامج تنظيف\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 24.93.255.199:1182
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local>
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WinMySQLadmin.lnk = C:\apache\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {7253A666-804A-1107-A4DC-00E04C504781} (BMC Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MySql - Unknown owner - C:/apache/mysql/bin/mysqld-nt.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE
--
End of file - 6871 bytes
2009-05-19 14:22 . 2009-06-05 15:09 -------- d-----w- c:\documents and settings\user\Application Data\DMCache
2009-05-19 14:22 . 2009-05-30 16:25 -------- d-----w- c:\program files\Internet Download Manager
2009-05-17 17:43 . 2004-08-03 21:55 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-05-17 17:43 . 2004-08-03 21:55 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-05-17 17:43 . 2004-08-03 21:45 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-05-17 17:43 . 2004-08-03 21:45 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-05-17 17:43 . 2001-08-17 11:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-05-17 17:43 . 2001-08-17 11:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-05-17 17:43 . 2004-08-03 20:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-05-17 17:43 . 2004-08-03 20:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-05-16 20:33 . 2009-05-27 19:46 -------- d-----w- c:\program files\aeY
2009-05-13 21:40 . 2000-01-24 02:01 453632 ----a-w- c:\windows\system32\stdvcl40.dll
2009-05-13 21:40 . 2009-05-13 21:41 -------- d-----w- c:\program files\Web CEO
2009-05-07 07:42 . 2009-03-26 15:35 210352 ----a-w- c:\windows\system32\idmmbc.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 19:13 . 2001-09-19 15:00 40940 ----a-w- c:\windows\system32\perfc001.dat
2009-05-31 19:13 . 2001-09-19 15:00 254130 ----a-w- c:\windows\system32\perfh001.dat
2009-05-31 16:27 . 2009-03-07 21:26 -------- d-----w- c:\documents and settings\user\Application Data\cleaner
2009-05-27 15:56 . 2009-05-16 20:33 25073 ----a-w- c:\documents and settings\user\Application Data\YV.dat
2009-05-25 20:25 . 2005-01-13 14:54 166088 ----a-w- c:\documents and settings\user\Application Data\Thinstall\Microsoft Office FrontPage 2003\%drive_K%\MSOCache\All Users\microsoft.watson.alrtintl.data\AlrtIntl.dll
2009-05-24 17:34 . 2009-03-30 17:14 -------- d-----w- c:\documents and settings\user\Application Data\AdminSend
2009-05-24 17:34 . 2009-03-02 15:09 -------- d-----w- c:\program files\Circle Developement
2009-05-24 16:22 . 2009-03-30 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\STORE LESS JUGS SURF
2009-05-16 00:20 . 2009-03-30 11:09 -------- d-----w- c:\program files\SiteMap Generator
2009-05-15 17:27 . 2009-03-02 15:05 -------- d-----w- c:\program files\GRETECH
2009-05-15 10:06 . 2009-03-02 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-14 10:21 . 2009-03-02 17:13 -------- d-----w- c:\program files\Google
2009-05-13 21:37 . 2009-03-07 20:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-13 21:37 . 2009-03-28 10:46 -------- d-----w- c:\program files\SEO Studio
2009-04-14 19:35 . 2009-03-02 15:05 -------- d-----w- c:\program files\Common Files\Real
2009-04-14 19:35 . 2009-04-14 19:35 -------- d-----w- c:\program files\Common Files\xing shared
2009-04-14 19:31 . 2009-04-14 19:31 -------- d-----w- c:\program files\AdminSend
2009-04-14 19:31 . 2009-04-12 06:30 -------- d-----w- c:\program files\GSA Auto Website Submitter
2009-03-27 01:36 . 2009-03-27 01:36 34304 ----a-w- c:\documents and settings\user\Application Data\Thinstall\Microsoft Office FrontPage 2003\4000001300002i\GoogleToolbarNotifier.exe
2009-03-27 01:36 . 2009-03-27 01:36 34304 ----a-w- c:\documents and settings\user\Application Data\Thinstall\Microsoft Office FrontPage 2003\4000009c00002i\IEXPLORE.EXE
2009-03-22 12:17 . 2009-03-22 12:17 34304 ----a-w- c:\documents and settings\user\Application Data\Thinstall\Microsoft Office FrontPage 2003\3000000043900002i\FRONTPG.EXE
2009-03-10 19:33 . 2009-03-02 14:51 139024 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-09 18:20 . 2009-03-09 18:20 1915520 ----a-w- c:\documents and settings\user\Application Data\Macromedia\Flash Player\
2009-03-09 01:53 . 2009-03-09 01:53 34304 ----a-w- c:\documents and settings\user\Application Data\Thinstall\Microsoft Office FrontPage 2003\10000001500002i\msiexec.exe
2009-03-07 22:47 . 2009-03-02 17:27 90112 ----a-w- c:\windows\DUMP4cf7.tmp
2009-03-07 22:46 . 2009-03-02 17:27 90112 ----a-w- c:\windows\DUMP5227.tmp
2009-03-07 22:11 . 2009-03-07 22:11 2678 ----a-w- c:\windows\java\Packages\Data\2MLF9FH7.DAT
2009-03-07 22:11 . 2009-03-07 22:11 2678 ----a-w- c:\windows\java\Packages\Data\CFRLFD3V.DAT
2009-03-07 22:11 . 2009-03-07 22:11 2678 ----a-w- c:\windows\java\Packages\Data\2WY83TJZ.DAT
2009-03-07 22:11 . 2009-03-07 22:11 2678 ----a-w- c:\windows\java\Packages\Data\Q21NJ3DZ.DAT
2009-03-07 22:11 . 2009-03-07 22:11 2678 ----a-w- c:\windows\java\Packages\Data\KRNHVRX7.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-03-31_23.16.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-06 23:19 . 2007-11-06 23:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 03:07 . 2008-07-29 03:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 03:07 . 2008-07-29 03:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2000-08-24 18:44 . 2000-08-24 18:44 78848 c:\windows\system32\xmltok.dll
+ 2000-08-24 18:44 . 2000-08-24 18:44 40960 c:\windows\system32\xmlparse.dll
+ 2008-10-24 16:33 . 1998-06-17 21:00 89360 c:\windows\system32\VB5DB.dll
- 2009-03-06 20:06 . 2007-11-30 12:39 17784 c:\windows\system32\spmsg.dll
+ 2009-03-06 20:06 . 2008-07-08 12:58 17784 c:\windows\system32\spmsg.dll
+ 2001-09-19 15:00 . 2009-05-31 19:13 40836 c:\windows\system32\perfc009.dat
- 2004-08-03 22:58 . 2004-08-03 22:58 61440 c:\windows\system32\msvcrt40.dll
+ 2004-08-04 11:00 . 2004-08-04 11:00 61440 c:\windows\system32\msvcrt40.dll
+ 1997-09-08 00:13 . 1997-09-08 00:13 57344 c:\windows\system32\mSQL.dll
+ 2008-10-24 16:33 . 1999-06-10 06:34 24848 c:\windows\system32\MSJtEr35.dll
+ 2004-08-04 00:55 . 2005-05-04 11:45 15360 c:\windows\system32\msisip.dll
+ 2004-08-04 00:56 . 2005-05-04 11:45 78848 c:\windows\system32\msiexec.exe
+ 2000-10-22 04:41 . 2000-10-22 04:41 40960 c:\windows\system32\libsasl.dll
+ 2000-09-27 01:28 . 2000-09-27 01:28 40448 c:\windows\system32\libpq.dll
+ 2000-11-30 04:32 . 2000-11-30 04:32 15872 c:\windows\system32\gnu_gettext.dll
+ 2004-08-04 11:00 . 2004-08-04 11:00 61440 c:\windows\system32\dllcache\msvcrt40.dll
- 2004-08-03 22:58 . 2004-08-03 22:58 61440 c:\windows\system32\dllcache\msvcrt40.dll
+ 2004-08-04 00:55 . 2005-05-04 11:45 15360 c:\windows\system32\dllcache\msisip.dll
+ 2004-08-04 00:56 . 2005-05-04 11:45 78848 c:\windows\system32\dllcache\msiexec.exe
+ 2008-07-29 05:05 . 2008-07-29 05:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 00:54 . 2008-07-29 00:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2001-05-16 22:17 . 2001-05-16 22:17 188416 c:\windows\system32\ssleay32.dll
+ 2001-09-19 20:52 . 2001-09-19 20:52 192512 c:\windows\system32\sablot.dll
+ 2009-03-02 15:06 . 2008-09-10 18:56 185920 c:\windows\system32\rmoc3260.dll
+ 2005-07-24 20:40 . 2005-07-24 20:40 151552 c:\windows\system32\RDOCURS.DLL
- 2000-04-03 14:52 . 2000-04-03 14:52 151552 c:\windows\system32\RDOCURS.DLL
+ 2001-09-19 15:00 . 2009-05-31 19:13 314508 c:\windows\system32\perfh009.dat
+ 2001-07-07 03:11 . 2001-07-07 03:11 479232 c:\windows\system32\pdflib.dll
+ 2000-02-08 10:44 . 2000-02-08 10:44 278800 c:\windows\system32\ntwdblib.dll
+ 2008-10-24 16:33 . 1998-06-01 11:37 294912 c:\windows\system32\msxbse35.dll
+ 2008-10-24 16:33 . 1999-09-30 17:21 166672 c:\windows\system32\mstext35.dll
+ 2008-10-24 16:33 . 1999-08-25 11:57 415504 c:\windows\system32\MsRepl35.dll
+ 2005-07-24 20:40 . 1998-10-19 22:00 393216 c:\windows\system32\MSRDO20.DLL
+ 2008-10-24 16:33 . 1998-06-01 11:37 262144 c:\windows\system32\MSRD2x35.dll
+ 2008-10-24 16:33 . 1999-09-09 19:06 168720 c:\windows\system32\msltus35.dll
+ 2008-10-24 16:33 . 1999-06-10 06:34 123664 c:\windows\system32\MSJInt35.dll
- 2004-08-04 00:54 . 2004-08-04 00:54 884736 c:\windows\system32\msimsg.dll
+ 2004-08-04 00:54 . 2005-05-04 11:45 884736 c:\windows\system32\msimsg.dll
+ 2004-08-04 00:55 . 2005-05-04 11:45 271360 c:\windows\system32\msihnd.dll
+ 2008-10-24 16:33 . 1999-09-09 19:06 252688 c:\windows\system32\msexcl35.dll
+ 2008-10-24 16:33 . 1998-06-01 11:37 344064 c:\windows\system32\msexch35.dll
+ 2001-08-16 18:04 . 2001-08-16 18:04 167936 c:\windows\system32\ming.dll
+ 2001-07-26 19:44 . 2001-07-26 19:44 475136 c:\windows\system32\libxml2.dll
+ 2001-05-16 22:16 . 2001-05-16 22:16 860160 c:\windows\system32\libeay32.dll
+ 2000-10-07 06:41 . 2000-10-07 06:41 747486 c:\windows\system32\iconv-1.3.dll
+ 1999-11-24 13:00 . 1999-11-24 13:00 361984 c:\windows\system32\gds32.dll
+ 1999-05-24 11:26 . 1999-05-24 11:26 317440 c:\windows\system32\FdfTk.dll
+ 2000-10-22 18:26 . 2000-10-22 18:26 438334 c:\windows\system32\expat.dll
+ 2004-08-04 00:54 . 2005-05-04 11:45 884736 c:\windows\system32\dllcache\msimsg.dll
- 2004-08-04 00:54 . 2004-08-04 00:54 884736 c:\windows\system32\dllcache\msimsg.dll
+ 2004-08-04 00:55 . 2005-05-04 11:45 271360 c:\windows\system32\dllcache\msihnd.dll
+ 2009-05-26 19:02 . 2009-05-26 19:02 575488 c:\windows\Muslim Bag\uninstall.exe
+ 2008-07-29 05:05 . 2008-07-29 05:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 05:05 . 2008-07-29 05:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2009-04-14 19:12 . 2009-04-14 19:36 1557976 c:\windows\system32\Restore\rstrlog.dat
+ 2001-12-30 21:27 . 2001-12-30 21:27 1155072 c:\windows\system32\php4ts.dll
+ 2004-08-04 00:55 . 2004-02-23 17:42 1386496 c:\windows\system32\MSVBVM60.DLL
+ 2008-10-24 16:33 . 1999-09-28 18:42 1050896 c:\windows\system32\MSJet35.dll
+ 2004-08-04 00:55 . 2005-05-04 11:45 2890240 c:\windows\system32\msi.dll
+ 2004-08-04 00:55 . 2005-05-04 11:45 2890240 c:\windows\system32\dllcache\msi.dll
- 2009-03-22 11:34 . 2007-04-17 09:32 2455488 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\ieapfltr.dat
+ 2009-03-22 11:34 . 2008-07-09 14:25 2455488 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\ieapfltr.dat
+ 2009-03-07 22:11 . 2009-05-07 07:16 24699336 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 5728112]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-07 2807216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-02 185896]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\user\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
WinMySQLadmin.lnk - c:\apache\mysql\bin\winmysqladmin.exe [2001-11-3 1167872]
c:\documents and settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-2 113664]
AudioDeck.lnk - c:\program files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2009-3-2 581632]
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2006-3-14 5517312]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^AudioDeck.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\AudioDeck.lnk
backup=c:\windows\pss\AudioDeck.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\LeapFTP\\LeapFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\apache\\Apache.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27/05/2009 06:25 م 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/05/2009 06:25 م 20560]
R2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [25/01/2002 07:30 ص 20480]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 Vsp;Vsp;c:\windows\system32\drivers\vsp.sys [02/03/2009 06:00 م 3351]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CBAC77DA-FFBF-5C72-BAD5-AB50870618D3}]
c:\program files\aeY\playeUr.exe s
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Grey soft - c:\docume~1\user\APPLIC~1\ADMINS~1\MetaTime.exe
HKLM-Run-Jugs Surf Inter Media - c:\documents and settings\All Users\Application Data\STORE LESS JUGS SURF\aim grim.exe
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local;<local>
uInternet Settings,ProxyServer = 24.93.255.199:1182
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
DPF: Microsoft XML Parser for Java -
DPF: {7253A666-804A-1107-A4DC-00E04C504781} - hxxp://66.228.123.202/bmc.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-06-05 18:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/apache/mysql/bin/mysqld-nt.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/apache/mysql/bin/mysqld-nt.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{127039e3-f295-4b01-b00c-18dfae0d587a}]
@Denied: (Full) (Everyone)
"Model"=dword:0000009a
"Therad"=dword:00000013
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):dd,fd,50,27,3f,12,58,38,1b,09,b7,33,75,23,9d,bd,96,37,4f,ad,3f,
34,4a,7e,81,28,74,12,ca,17,32,87,25,e4,6f,a6,1c,da,47,a7,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(328)
c:\windows\system32\msi.dll
.
Completion time: 2009-06-05 18:12
ComboFix-quarantined-files.txt 2009-06-05 15:11
ComboFix2.txt 2009-05-10 21:06
ComboFix3.txt 2009-03-31 23:21
ComboFix4.txt 2009-03-08 10:45
ComboFix5.txt 2009-05-17 21:10
Pre-Run: 28,666,937,344 bytes free
Post-Run: 29,072,556,032 bytes free
292 --- E O F --- 2009-05-22 00:00
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:13:26 م, on 05/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\apache\mysql\bin\mysqld-nt.exe
c:\apache\APACHE.EXE
c:\apache\APACHE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\apache\mysql\bin\winmysqladmin.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
D:\خاص\برامج تنظيف\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 24.93.255.199:1182
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local>
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WinMySQLadmin.lnk = C:\apache\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {7253A666-804A-1107-A4DC-00E04C504781} (BMC Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MySql - Unknown owner - C:/apache/mysql/bin/mysqld-nt.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE
--
End of file - 6871 bytes
