alshopaky
زيزوومي نشيط
غير متصل
- بادئ الموضوع alshopaky
- تاريخ البدء
- 1,272
ابو تيمور
زيزوومى مميز
- إنضم
- 4 ديسمبر 2008
- المشاركات
- 845
- مستوى التفاعل
- 6
- النقاط
- 520
- الإقامة
- الاردن- زرقاء
- الموقع الالكتروني
- www.jordanweather.com
غير متصل
تأييد
0
ابو تيمور
زيزوومى مميز
- إنضم
- 4 ديسمبر 2008
- المشاركات
- 845
- مستوى التفاعل
- 6
- النقاط
- 520
- الإقامة
- الاردن- زرقاء
- الموقع الالكتروني
- www.jordanweather.com
غير متصل
تأييد
0
ابـــو عــبــد الــلــه
زيزوومى فضى
- إنضم
- 31 ديسمبر 2007
- المشاركات
- 6,175
- مستوى التفاعل
- 65
- النقاط
- 840
- الإقامة
- لا إله إلا الله محمد رسول الله
غير متصل
+
حمل هذا الآداة
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
أتمنى منك الصبر حتى يتم تحليل التقرير
توقيع : ابـــو عــبــد الــلــه
تأييد
0
alshopaky
زيزوومي نشيط
غير متصل
عند فتح اى ايميل تظهر هذه الرسالة وهذا تقرير الهيجاك
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:35 PM, on 6/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Windows7\Analog Clock\AnalogClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\program\AIVIRUS 2009\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\VistaDrives\vsdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [AnalogClock] C:\Program Files\Windows7\Analog Clock\AnalogClock.exe
O4 - HKCU\..\Run: [TransBar] C:\Program Files\Windows7\TransBar\TransBar.exe /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD0A9973-A1B6-4626-A8E9-1F224E2C344D}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenDNS Updater (OpenDNS Updater.exe) - OpenDNS - C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 6550 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:35 PM, on 6/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Windows7\Analog Clock\AnalogClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\program\AIVIRUS 2009\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\VistaDrives\vsdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [AnalogClock] C:\Program Files\Windows7\Analog Clock\AnalogClock.exe
O4 - HKCU\..\Run: [TransBar] C:\Program Files\Windows7\TransBar\TransBar.exe /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD0A9973-A1B6-4626-A8E9-1F224E2C344D}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenDNS Updater (OpenDNS Updater.exe) - OpenDNS - C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 6550 bytes
توقيع : alshopaky
تأييد
0
ابـــو عــبــد الــلــه
زيزوومى فضى
- إنضم
- 31 ديسمبر 2007
- المشاركات
- 6,175
- مستوى التفاعل
- 65
- النقاط
- 840
- الإقامة
- لا إله إلا الله محمد رسول الله
غير متصل
عطل برامج الحماية وشغل الأداة
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى
توقيع : ابـــو عــبــد الــلــه
تأييد
0
alshopaky
زيزوومي نشيط
غير متصل
هذا تقرير الكومبو فكس
ComboFix 09-06-14.02 - Alshopaky 06/15/2009 21:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.20.1033.18.511.283 [GMT 3:00]
Running from: c:\documents and settings\Alshopaky\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-05-15 to 2009-06-15 )))))))))))))))))))))))))))))))
.
2009-06-15 17:42 . 2009-05-21 18:31 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-06-15 14:23 . 2004-03-29 12:23 90112 ----a-w- c:\windows\unvise32.exe
2009-06-15 14:23 . 2009-06-15 14:23 -------- d-----w- c:\program files\SWiSHmax
2009-06-15 06:34 . 2009-06-15 06:34 626688 ----a-w- c:\documents and settings\All Users\Application Data\Torrent2Exe\msvcr80.dll
2009-06-15 06:34 . 2009-06-15 06:34 548864 ----a-w- c:\documents and settings\All Users\Application Data\Torrent2Exe\msvcp80.dll
2009-06-15 06:34 . 2009-06-15 06:34 1757184 ----a-w- c:\documents and settings\All Users\Application Data\Torrent2Exe\fdmbtsupp.dll
2009-06-15 06:34 . 2009-06-15 06:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Torrent2Exe
2009-06-15 05:31 . 2009-06-15 05:31 -------- d-----w- c:\documents and settings\Alshopaky\Local Settings\Application Data\ESET
2009-06-15 05:21 . 2005-02-25 03:35 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2009-06-13 05:38 . 2009-06-13 05:38 -------- d-----w- c:\documents and settings\Alshopaky\Application Data\Media Player Classic
2009-06-13 04:37 . 2008-04-13 22:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-06-13 04:31 . 2009-06-13 04:31 -------- d-----w- c:\documents and settings\Alshopaky\Local Settings\Application Data\Ahead
2009-06-13 04:00 . 2009-06-13 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-06-13 03:59 . 2009-06-13 03:59 -------- d-----w- c:\program files\NCH Software
2009-06-13 03:59 . 2009-06-13 04:00 -------- d-----w- c:\documents and settings\Alshopaky\Application Data\NCH Swift Sound
2009-06-13 03:59 . 2009-06-13 03:59 -------- d-----w- c:\program files\NCH Swift Sound
2009-06-13 03:28 . 2000-10-06 04:17 163600 ----a-w- c:\windows\system\Wmaudsdk.dll
2009-06-12 19:41 . 2009-06-12 19:41 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-12 19:41 . 2009-06-14 08:55 -------- d-----w- c:\documents and settings\Alshopaky\Application Data\skypePM
2009-06-12 19:38 . 2009-06-14 08:59 -------- d-----w- c:\documents and settings\Alshopaky\Application Data\Skype
2009-06-12 19:37 . 2009-06-12 19:37 -------- d-----w- c:\program files\Skype
2009-06-12 19:37 . 2009-06-12 19:37 -------- d-----w- c:\program files\Common Files\Skype
2009-06-12 19:37 . 2009-06-12 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-12 16:56 . 2009-06-12 16:56 -------- d-----w- c:\documents and settings\Alshopaky\Application Data\Malwarebytes
2009-06-12 16:55 . 2009-05-26 10:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-12 16:55 . 2009-06-12 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-12 16:55 . 2009-06-12 16:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-12 16:55 . 2009-05-26 10:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-12 14:41 . 2004-01-21 20:38 4082688 ----a-w- c:\windows\system\qtintf70.dll
2009-06-12 09:31 . 2009-06-12 09:31 -------- d-----w- c:\documents and settings\Alshopaky\Application Data\AdobeUM
2009-06-12 09:31 . 2009-06-12 09:31 -------- d-----w- c:\documents and settings\Alshopaky\Local Settings\Application Data\Adobe
2009-06-12 09:30 . 2009-06-12 09:30 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-12 09:04 . 2008-04-13 19:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-06-12 09:04 . 2001-08-17 12:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-06-12 09:04 . 2008-04-13 19:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-06-12 09:04 . 2001-08-17 12:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-06-12 09:04 . 2001-08-17 12:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-06-12 09:03 . 2001-08-17 12:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-06-12 09:03 . 2001-08-17 02:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-06-12 09:03 . 2008-04-13 12:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-06-12 09:03 . 2008-04-13 14:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-06-12 09:03 . 2008-04-13 19:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-06-12 09:03 . 2008-04-13 12:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-06-12 09:01 . 2008-04-13 14:06 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2009-06-12 09:01 . 2008-04-13 12:05 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2009-06-12 09:01 . 2001-08-17 02:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2009-06-12 09:00 . 2001-08-17 03:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2009-06-12 09:00 . 2001-08-17 12:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-06-12 09:00 . 2001-08-17 12:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2009-06-12 08:58 . 2001-08-17 02:13 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys
2009-06-12 08:57 . 2001-08-17 03:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2009-06-12 08:56 . 2001-08-17 12:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2009-06-12 08:55 . 2001-08-17 04:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2009-06-12 08:55 . 2001-08-17 02:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2009-06-12 08:55 . 2008-04-13 14:10 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2009-06-12 08:55 . 2001-08-17 02:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2009-06-12 08:55 . 2001-08-17 02:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2009-06-12 08:55 . 2001-08-17 03:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2009-06-12 08:54 . 2001-08-17 03:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2009-06-12 08:54 . 2001-08-17 02:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2009-06-12 08:54 . 2001-08-17 04:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2009-06-12 08:54 . 2001-08-17 04:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2009-06-12 08:54 . 2001-08-17 04:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2009-06-12 08:54 . 2001-08-17 04:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2009-06-12 08:54 . 2001-08-17 04:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2009-06-12 08:52 . 2008-04-28 09:21 78336 ----a-w- c:\windows\system32\srclient.dll
2009-06-12 08:52 . 2001-08-17 12:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2009-06-12 08:52 . 2001-08-17 03:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2009-06-12 08:52 . 2001-08-17 12:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2009-06-12 08:52 . 2001-08-17 04:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2009-06-12 08:52 . 2001-08-17 03:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-06-12 08:52 . 2001-08-17 12:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2009-06-12 08:52 . 2001-08-17 02:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2009-06-12 08:52 . 2001-08-17 02:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2009-06-12 08:52 . 2001-08-17 03:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2009-06-12 08:52 . 2008-04-13 14:10 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2009-06-12 08:50 . 2008-04-13 19:42 73796 -c--a-w- c:\windows\system32\dllcache\slserv.exe
2009-06-12 08:49 . 2001-07-21 04:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2009-06-12 08:49 . 2001-07-21 04:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2009-06-12 08:49 . 2001-08-17 02:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2009-06-12 08:49 . 2001-08-17 12:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2009-06-12 08:49 . 2001-08-17 02:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2009-06-12 08:48 . 2001-08-17 03:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2009-06-12 08:48 . 2001-08-17 03:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2009-06-12 08:48 . 2001-08-17 03:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2009-06-12 08:48 . 2008-04-13 14:15 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2009-06-12 08:48 . 2001-08-17 03:52 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2009-06-12 08:48 . 2001-08-17 03:51 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2009-06-12 08:48 . 2001-08-17 03:51 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
2009-06-12 08:48 . 2001-08-17 03:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2009-06-12 08:48 . 2001-08-17 03:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
2009-06-12 08:48 . 2008-04-13 14:10 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2009-06-12 08:48 . 2001-08-17 12:36 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
2009-06-12 08:46 . 2001-08-17 02:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2009-06-12 08:46 . 2008-04-13 14:26 30592 -c--a-w- c:\windows\system32\dllcache\rndismpx.sys
2009-06-12 08:46 . 2008-04-13 14:10 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2009-06-12 08:46 . 2001-08-17 02:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2009-06-12 08:46 . 2008-04-13 14:16 59136 -c--a-w- c:\windows\system32\dllcache\rfcomm.sys
2009-06-12 08:46 . 2001-08-17 12:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2009-06-12 08:46 . 2008-04-28 09:20 151552 ----a-w- c:\windows\system32\remotepg.dll
2009-06-12 08:45 . 2008-04-13 13:53 13776 -c--a-w- c:\windows\system32\dllcache\recagent.sys
2009-06-12 08:45 . 2001-08-17 03:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2009-06-12 08:45 . 2001-08-17 03:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2009-06-12 08:45 . 2001-08-17 03:28 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2009-06-12 08:45 . 2001-08-17 12:36 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2009-06-12 08:45 . 2001-08-17 03:53 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2009-06-12 08:43 . 2001-08-17 03:53 7168 -c--a-w- c:\windows\system32\dllcache\pnrmc.sys
2009-06-12 08:42 . 2001-08-17 12:36 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2009-06-12 08:41 . 2001-08-17 02:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2009-06-12 08:41 . 2001-08-17 12:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2009-06-12 08:41 . 2008-04-13 13:53 180360 -c--a-w- c:\windows\system32\dllcache\ntmtlfax.sys
2009-06-12 08:40 . 2001-08-17 02:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2009-06-12 08:40 . 2001-08-17 03:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2009-06-12 08:40 . 2001-08-17 03:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2009-06-12 08:40 . 2008-04-13 14:24 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2009-06-12 08:39 . 2001-08-17 02:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2009-06-12 08:39 . 2001-08-17 02:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2009-06-12 08:39 . 2001-08-17 02:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2009-06-12 08:39 . 2008-04-13 12:05 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2009-06-12 08:38 . 2001-08-17 02:11 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2009-06-12 08:38 . 2001-08-17 02:50 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2009-06-12 08:38 . 2001-08-17 12:36 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2009-06-12 08:38 . 2001-08-17 03:49 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys
2009-06-12 08:38 . 2008-04-13 14:16 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2009-06-12 08:36 . 2008-04-13 14:16 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-15 18:36 . 2009-06-11 16:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-15 18:24 . 2009-06-11 17:50 -------- d-----w- c:\documents and settings\Alshopaky\Application Data\DMCache
2009-06-15 16:57 . 2009-06-11 16:16 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-06-15 08:49 . 2009-06-11 16:17 11 --sha-r- c:\documents and settings\All Users\Application Data\BurstCopy Labs\BurstCopy\Data\71D19977.sys
2009-06-12 18:00 . 2009-06-11 10:55 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-11 17:47 . 2009-06-11 17:44 -------- d-----w- c:\program files\Ahead
2009-06-11 17:44 . 2009-06-11 17:44 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-11 17:42 . 2009-06-11 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-06-11 17:42 . 2009-06-11 13:00 -------- d-----w- c:\program files\TechSmith
2009-06-11 17:42 . 2009-06-11 16:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-11 17:23 . 2009-06-11 16:40 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-11 16:42 . 2009-06-11 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-11 16:42 . 2009-06-11 16:42 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-11 16:42 . 2009-06-11 16:42 -------- d-----w- c:\program files\Common Files\Intel
2009-06-11 16:42 . 2009-06-11 16:42 -------- d-----w- c:\program files\InstallShield Installation Information
2009-06-11 16:41 . 2009-06-11 16:40 -------- d-----w- c:\program files\VIA
2009-06-11 16:38 . 2009-06-11 16:38 -------- d-----w- c:\documents and settings\Alshopaky\Application Data\TuneUp Software
2009-06-11 16:38 . 2009-06-11 16:38 306432 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-11 16:38 . 2009-06-11 16:37 -------- d-----w- c:\program files\TuneUp Utilities 2008
2009-06-11 16:37 . 2009-06-11 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-06-11 16:36 . 2009-06-11 16:36 -------- d-----w- c:\program files\زين مشاركاتك
2009-06-11 16:36 . 2009-06-11 15:21 -------- d-----w- c:\program files\RocketDock
2009-06-11 16:34 . 2009-06-11 15:24 35256 ----a-w- c:\documents and settings\Alshopaky\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-11 16:29 . 2009-06-11 16:29 -------- d-----w- c:\documents and settings\Alshopaky\Application Data\ESET
2009-06-11 16:27 . 2009-06-11 16:27 -------- d-----w- c:\program files\Driver-Soft
2009-06-11 16:25 . 2009-06-11 16:25 -------- d-----w- c:\program files\ESET
2009-06-11 16:25 . 2009-06-11 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-11 16:17 . 2009-06-11 16:17 -------- d-----w- c:\program files\BurstCopy
2009-06-11 16:17 . 2009-06-11 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\BurstCopy Labs
2009-06-11 16:16 . 2009-06-11 16:16 -------- d-----w- c:\documents and settings\Alshopaky\Application Data\URSoft
2009-06-11 16:15 . 2009-06-11 16:14 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-11 16:15 . 2009-06-11 16:15 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-06-11 16:13 . 2009-06-11 16:13 -------- d-----w- c:\program files\WinPcap
2009-06-11 16:13 . 2009-06-11 16:12 -------- d-----w- c:\program files\stopcut
2009-06-11 16:12 . 2009-06-11 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\OpenDNS Updater
2009-06-11 16:11 . 2009-06-11 16:11 -------- d-----w- c:\program files\OpenDNS Updater
2009-06-11 16:05 . 2009-06-11 16:05 0 ----a-w- c:\windows\nsreg.dat
2009-06-11 15:24 . 2009-06-11 15:24 -------- d-----w- c:\documents and settings\Alshopaky\Application Data\OtakuSoftware
2009-06-11 15:22 . 2009-06-11 15:22 -------- d-----w- c:\program files\Windows7
2009-06-11 13:01 . 2009-06-11 13:01 -------- d-----w- c:\program files\VistaDrives
2009-06-11 13:00 . 2009-06-11 13:00 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2009-06-11 12:51 . 2009-06-11 16:41 -------- d-----w- c:\program files\Intel
2009-06-11 10:56 . 2009-06-11 10:56 -------- d-----w- c:\program files\microsoft frontpage
2009-06-11 10:51 . 2009-06-11 10:51 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-11 10:51 . 2009-06-11 10:51 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-14 08:49 . 2009-05-14 08:49 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 08:49 . 2009-05-14 08:49 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 08:49 . 2009-05-14 08:49 133000 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-05-14 08:47 . 2009-05-14 08:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 08:41 . 2009-05-14 08:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-05 17:31 . 2009-06-11 16:14 2402304 ----a-w- c:\windows\system32\x264vfw.dll
2009-04-02 13:21 . 2009-06-11 16:14 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2009-03-24 11:43 . 2009-06-11 17:55 43008 ----a-w- c:\documents and settings\Alshopaky\Application Data\Mozilla\Firefox\Profiles\cc2v3jzv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
2009-03-24 11:43 . 2009-06-11 17:55 43008 ----a-w- c:\documents and settings\Alshopaky\Application Data\Mozilla\Firefox\Profiles\cc2v3jzv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-03-24 11:43 . 2009-06-11 17:55 235520 ----a-w- c:\documents and settings\Alshopaky\Application Data\Mozilla\Firefox\Profiles\cc2v3jzv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll
2009-03-24 11:43 . 2009-06-11 17:55 338432 ----a-w- c:\documents and settings\Alshopaky\Application Data\Mozilla\Firefox\Profiles\cc2v3jzv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-03-24 11:42 . 2009-06-11 17:55 235008 ----a-w- c:\documents and settings\Alshopaky\Application Data\Mozilla\Firefox\Profiles\cc2v3jzv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll
2009-03-24 11:42 . 2009-06-11 17:55 345088 ----a-w- c:\documents and settings\Alshopaky\Application Data\Mozilla\Firefox\Profiles\cc2v3jzv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
.
------- Sigcheck -------
[-] 2008-03-20 18:36 578560 F92D8964B5286DE225BD2B6BF89764BE c:\windows\system32\user32.dll
[-] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\SoftwareDistribution\Download\82c738ec00f0f07f8ea182bc95439593\sp3gdr\wininet.dll
[-] 2009-04-29 04:49 828928 62CCA075F44015147B8971DAFFBCFF76 c:\windows\SoftwareDistribution\Download\82c738ec00f0f07f8ea182bc95439593\sp3qfe\wininet.dll
[-] 2008-04-28 09:25 920064 88348F8C92C28BA99FE49BD392100CE0 c:\windows\system32\wininet.dll
[-] 2008-04-28 09:24 547328 A55B8899D2EA2E800061BCFD456E34DC c:\windows\system32\winlogon.exe
[-] 2008-04-26 03:58 2227072 F65795635A4DA985337F1A8C15B42F98 c:\windows\system32\ntkrnlpa.exe
[-] 2008-04-26 03:44 2350208 46391325B9159057FFFAFCA37A39A669 c:\windows\system32\ntoskrnl.exe
[-] 2008-08-18 18:17 1616384 4A90F51B778FA0157F60D206E8B37D2A c:\windows\explorer.exe
[-] 2008-04-28 09:22 25088 B5E8782D4AF1B3756F38E11E7C157BBE c:\windows\system32\ctfmon.exe
[-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3gdr\kernel32.dll
[-] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3qfe\kernel32.dll
[-] 2008-03-20 18:36 989696 9A8D604748D9FE73B66021E5782A4A3C c:\windows\system32\kernel32.dll
[-] 2008-04-26 03:58 1614848 BC298B78B311397B421D4D52B44B49EC c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-28 25088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-26 123904]
[HKLM\~\startupfolder\C:^Documents and Settings^Alshopaky^Start Menu^Programs^Startup^StopCut home.lnk]
path=c:\documents and settings\Alshopaky\Start Menu\Programs\Startup\StopCut home.lnk
backup=c:\windows\pss\StopCut home.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Alshopaky^Start Menu^Programs^Startup^StopCut.lnk]
path=c:\documents and settings\Alshopaky\Start Menu\Programs\Startup\StopCut.lnk
backup=c:\windows\pss\StopCut.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 11:47 AM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [5/14/2009 11:47 AM 731840]
R2 OpenDNS Updater.exe;OpenDNS Updater;c:\program files\OpenDNS Updater\OpenDNS Updater.exe --run --> c:\program files\OpenDNS Updater\OpenDNS Updater.exe --run [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/12/2009 7:55 PM 19096]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/12/2009 7:55 PM 194832]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 11:22 PM 34064]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-06-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 08:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.forsanelhaq.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
TCP: {DD0A9973-A1B6-4626-A8E9-1F224E2C344D} = 208.67.222.222,208.67.220.220
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-06-15 21:49
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(944)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1000)
c:\windows\system32\setupapi.dll
- - - - - - - > 'explorer.exe'(3420)
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\MSVCP60.dll
c:\windows\system32\eappprxy.dll
.
Completion time: 2009-06-15 21:51
ComboFix-quarantined-files.txt 2009-06-15 18:51
Pre-Run: 3,717,341,184 bytes free
Post-Run: 3,773,829,120 bytes free
307 --- E O F --- 2009-06-15 05:22
ComboFix 09-06-14.02 - Alshopaky 06/15/2009 21:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.20.1033.18.511.283 [GMT 3:00]
Running from: c:\documents and settings\Alshopaky\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-05-15 to 2009-06-15 )))))))))))))))))))))))))))))))
.
2009-06-15 17:42 . 2009-05-21 18:31 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-06-15 14:23 . 2004-03-29 12:23 90112 ----a-w- c:\windows\unvise32.exe
2009-06-15 14:23 . 2009-06-15 14:23 -------- d-----w- c:\program files\SWiSHmax
2009-06-15 06:34 . 2009-06-15 06:34 626688 ----a-w- c:\documents and settings\All Users\Application Data\Torrent2Exe\msvcr80.dll
2009-06-15 06:34 . 2009-06-15 06:34 548864 ----a-w- c:\documents and settings\All Users\Application Data\Torrent2Exe\msvcp80.dll
2009-06-15 06:34 . 2009-06-15 06:34 1757184 ----a-w- c:\documents and settings\All Users\Application Data\Torrent2Exe\fdmbtsupp.dll
2009-06-15 06:34 . 2009-06-15 06:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Torrent2Exe
2009-06-15 05:31 . 2009-06-15 05:31 -------- d-----w- c:\documents and settings\Alshopaky\Local Settings\Application Data\ESET
2009-06-15 05:21 . 2005-02-25 03:35 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2009-06-13 05:38 . 2009-06-13 05:38 -------- d-----w- c:\documents and settings\Alshopaky\Application Data\Media Player Classic
2009-06-13 04:37 . 2008-04-13 22:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-06-13 04:31 . 2009-06-13 04:31 -------- d-----w- c:\documents and settings\Alshopaky\Local Settings\Application Data\Ahead
2009-06-13 04:00 . 2009-06-13 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-06-13 03:59 . 2009-06-13 03:59 -------- d-----w- c:\program files\NCH Software
2009-06-13 03:59 . 2009-06-13 04:00 -------- d-----w- c:\documents and settings\Alshopaky\Application Data\NCH Swift Sound
2009-06-13 03:59 . 2009-06-13 03:59 -------- d-----w- c:\program files\NCH Swift Sound
2009-06-13 03:28 . 2000-10-06 04:17 163600 ----a-w- c:\windows\system\Wmaudsdk.dll
2009-06-12 19:41 . 2009-06-12 19:41 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-12 19:41 . 2009-06-14 08:55 -------- d-----w- c:\documents and settings\Alshopaky\Application Data\skypePM
2009-06-12 19:38 . 2009-06-14 08:59 -------- d-----w- c:\documents and settings\Alshopaky\Application Data\Skype
2009-06-12 19:37 . 2009-06-12 19:37 -------- d-----w- c:\program files\Skype
2009-06-12 19:37 . 2009-06-12 19:37 -------- d-----w- c:\program files\Common Files\Skype
2009-06-12 19:37 . 2009-06-12 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-12 16:56 . 2009-06-12 16:56 -------- d-----w- c:\documents and settings\Alshopaky\Application Data\Malwarebytes
2009-06-12 16:55 . 2009-05-26 10:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-12 16:55 . 2009-06-12 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-12 16:55 . 2009-06-12 16:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-12 16:55 . 2009-05-26 10:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-12 14:41 . 2004-01-21 20:38 4082688 ----a-w- c:\windows\system\qtintf70.dll
2009-06-12 09:31 . 2009-06-12 09:31 -------- d-----w- c:\documents and settings\Alshopaky\Application Data\AdobeUM
2009-06-12 09:31 . 2009-06-12 09:31 -------- d-----w- c:\documents and settings\Alshopaky\Local Settings\Application Data\Adobe
2009-06-12 09:30 . 2009-06-12 09:30 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-12 09:04 . 2008-04-13 19:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-06-12 09:04 . 2001-08-17 12:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-06-12 09:04 . 2008-04-13 19:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-06-12 09:04 . 2001-08-17 12:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-06-12 09:04 . 2001-08-17 12:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-06-12 09:03 . 2001-08-17 12:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-06-12 09:03 . 2001-08-17 02:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-06-12 09:03 . 2008-04-13 12:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-06-12 09:03 . 2008-04-13 14:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-06-12 09:03 . 2008-04-13 19:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-06-12 09:03 . 2008-04-13 12:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-06-12 09:01 . 2008-04-13 14:06 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2009-06-12 09:01 . 2008-04-13 12:05 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2009-06-12 09:01 . 2001-08-17 02:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2009-06-12 09:00 . 2001-08-17 03:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2009-06-12 09:00 . 2001-08-17 12:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-06-12 09:00 . 2001-08-17 12:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2009-06-12 08:58 . 2001-08-17 02:13 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys
2009-06-12 08:57 . 2001-08-17 03:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2009-06-12 08:56 . 2001-08-17 12:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2009-06-12 08:55 . 2001-08-17 04:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2009-06-12 08:55 . 2001-08-17 02:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2009-06-12 08:55 . 2008-04-13 14:10 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2009-06-12 08:55 . 2001-08-17 02:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2009-06-12 08:55 . 2001-08-17 02:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2009-06-12 08:55 . 2001-08-17 03:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2009-06-12 08:54 . 2001-08-17 03:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2009-06-12 08:54 . 2001-08-17 02:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2009-06-12 08:54 . 2001-08-17 04:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2009-06-12 08:54 . 2001-08-17 04:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2009-06-12 08:54 . 2001-08-17 04:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2009-06-12 08:54 . 2001-08-17 04:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2009-06-12 08:54 . 2001-08-17 04:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2009-06-12 08:52 . 2008-04-28 09:21 78336 ----a-w- c:\windows\system32\srclient.dll
2009-06-12 08:52 . 2001-08-17 12:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2009-06-12 08:52 . 2001-08-17 03:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2009-06-12 08:52 . 2001-08-17 12:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2009-06-12 08:52 . 2001-08-17 04:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2009-06-12 08:52 . 2001-08-17 03:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-06-12 08:52 . 2001-08-17 12:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2009-06-12 08:52 . 2001-08-17 02:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2009-06-12 08:52 . 2001-08-17 02:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2009-06-12 08:52 . 2001-08-17 03:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2009-06-12 08:52 . 2008-04-13 14:10 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2009-06-12 08:50 . 2008-04-13 19:42 73796 -c--a-w- c:\windows\system32\dllcache\slserv.exe
2009-06-12 08:49 . 2001-07-21 04:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2009-06-12 08:49 . 2001-07-21 04:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2009-06-12 08:49 . 2001-08-17 02:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2009-06-12 08:49 . 2001-08-17 12:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2009-06-12 08:49 . 2001-08-17 02:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2009-06-12 08:48 . 2001-08-17 03:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2009-06-12 08:48 . 2001-08-17 03:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2009-06-12 08:48 . 2001-08-17 03:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2009-06-12 08:48 . 2008-04-13 14:15 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2009-06-12 08:48 . 2001-08-17 03:52 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2009-06-12 08:48 . 2001-08-17 03:51 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2009-06-12 08:48 . 2001-08-17 03:51 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
2009-06-12 08:48 . 2001-08-17 03:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2009-06-12 08:48 . 2001-08-17 03:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
2009-06-12 08:48 . 2008-04-13 14:10 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2009-06-12 08:48 . 2001-08-17 12:36 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
2009-06-12 08:46 . 2001-08-17 02:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2009-06-12 08:46 . 2008-04-13 14:26 30592 -c--a-w- c:\windows\system32\dllcache\rndismpx.sys
2009-06-12 08:46 . 2008-04-13 14:10 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2009-06-12 08:46 . 2001-08-17 02:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2009-06-12 08:46 . 2008-04-13 14:16 59136 -c--a-w- c:\windows\system32\dllcache\rfcomm.sys
2009-06-12 08:46 . 2001-08-17 12:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2009-06-12 08:46 . 2008-04-28 09:20 151552 ----a-w- c:\windows\system32\remotepg.dll
2009-06-12 08:45 . 2008-04-13 13:53 13776 -c--a-w- c:\windows\system32\dllcache\recagent.sys
2009-06-12 08:45 . 2001-08-17 03:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2009-06-12 08:45 . 2001-08-17 03:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2009-06-12 08:45 . 2001-08-17 03:28 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2009-06-12 08:45 . 2001-08-17 12:36 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2009-06-12 08:45 . 2001-08-17 03:53 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2009-06-12 08:43 . 2001-08-17 03:53 7168 -c--a-w- c:\windows\system32\dllcache\pnrmc.sys
2009-06-12 08:42 . 2001-08-17 12:36 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2009-06-12 08:41 . 2001-08-17 02:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2009-06-12 08:41 . 2001-08-17 12:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2009-06-12 08:41 . 2008-04-13 13:53 180360 -c--a-w- c:\windows\system32\dllcache\ntmtlfax.sys
2009-06-12 08:40 . 2001-08-17 02:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2009-06-12 08:40 . 2001-08-17 03:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2009-06-12 08:40 . 2001-08-17 03:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2009-06-12 08:40 . 2008-04-13 14:24 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2009-06-12 08:39 . 2001-08-17 02:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2009-06-12 08:39 . 2001-08-17 02:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2009-06-12 08:39 . 2001-08-17 02:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2009-06-12 08:39 . 2008-04-13 12:05 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2009-06-12 08:38 . 2001-08-17 02:11 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2009-06-12 08:38 . 2001-08-17 02:50 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2009-06-12 08:38 . 2001-08-17 12:36 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2009-06-12 08:38 . 2001-08-17 03:49 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys
2009-06-12 08:38 . 2008-04-13 14:16 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2009-06-12 08:36 . 2008-04-13 14:16 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-15 18:36 . 2009-06-11 16:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-15 18:24 . 2009-06-11 17:50 -------- d-----w- c:\documents and settings\Alshopaky\Application Data\DMCache
2009-06-15 16:57 . 2009-06-11 16:16 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-06-15 08:49 . 2009-06-11 16:17 11 --sha-r- c:\documents and settings\All Users\Application Data\BurstCopy Labs\BurstCopy\Data\71D19977.sys
2009-06-12 18:00 . 2009-06-11 10:55 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-11 17:47 . 2009-06-11 17:44 -------- d-----w- c:\program files\Ahead
2009-06-11 17:44 . 2009-06-11 17:44 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-11 17:42 . 2009-06-11 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-06-11 17:42 . 2009-06-11 13:00 -------- d-----w- c:\program files\TechSmith
2009-06-11 17:42 . 2009-06-11 16:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-11 17:23 . 2009-06-11 16:40 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-11 16:42 . 2009-06-11 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-11 16:42 . 2009-06-11 16:42 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-11 16:42 . 2009-06-11 16:42 -------- d-----w- c:\program files\Common Files\Intel
2009-06-11 16:42 . 2009-06-11 16:42 -------- d-----w- c:\program files\InstallShield Installation Information
2009-06-11 16:41 . 2009-06-11 16:40 -------- d-----w- c:\program files\VIA
2009-06-11 16:38 . 2009-06-11 16:38 -------- d-----w- c:\documents and settings\Alshopaky\Application Data\TuneUp Software
2009-06-11 16:38 . 2009-06-11 16:38 306432 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-11 16:38 . 2009-06-11 16:37 -------- d-----w- c:\program files\TuneUp Utilities 2008
2009-06-11 16:37 . 2009-06-11 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-06-11 16:36 . 2009-06-11 16:36 -------- d-----w- c:\program files\زين مشاركاتك
2009-06-11 16:36 . 2009-06-11 15:21 -------- d-----w- c:\program files\RocketDock
2009-06-11 16:34 . 2009-06-11 15:24 35256 ----a-w- c:\documents and settings\Alshopaky\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-11 16:29 . 2009-06-11 16:29 -------- d-----w- c:\documents and settings\Alshopaky\Application Data\ESET
2009-06-11 16:27 . 2009-06-11 16:27 -------- d-----w- c:\program files\Driver-Soft
2009-06-11 16:25 . 2009-06-11 16:25 -------- d-----w- c:\program files\ESET
2009-06-11 16:25 . 2009-06-11 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-11 16:17 . 2009-06-11 16:17 -------- d-----w- c:\program files\BurstCopy
2009-06-11 16:17 . 2009-06-11 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\BurstCopy Labs
2009-06-11 16:16 . 2009-06-11 16:16 -------- d-----w- c:\documents and settings\Alshopaky\Application Data\URSoft
2009-06-11 16:15 . 2009-06-11 16:14 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-11 16:15 . 2009-06-11 16:15 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-06-11 16:13 . 2009-06-11 16:13 -------- d-----w- c:\program files\WinPcap
2009-06-11 16:13 . 2009-06-11 16:12 -------- d-----w- c:\program files\stopcut
2009-06-11 16:12 . 2009-06-11 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\OpenDNS Updater
2009-06-11 16:11 . 2009-06-11 16:11 -------- d-----w- c:\program files\OpenDNS Updater
2009-06-11 16:05 . 2009-06-11 16:05 0 ----a-w- c:\windows\nsreg.dat
2009-06-11 15:24 . 2009-06-11 15:24 -------- d-----w- c:\documents and settings\Alshopaky\Application Data\OtakuSoftware
2009-06-11 15:22 . 2009-06-11 15:22 -------- d-----w- c:\program files\Windows7
2009-06-11 13:01 . 2009-06-11 13:01 -------- d-----w- c:\program files\VistaDrives
2009-06-11 13:00 . 2009-06-11 13:00 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2009-06-11 12:51 . 2009-06-11 16:41 -------- d-----w- c:\program files\Intel
2009-06-11 10:56 . 2009-06-11 10:56 -------- d-----w- c:\program files\microsoft frontpage
2009-06-11 10:51 . 2009-06-11 10:51 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-11 10:51 . 2009-06-11 10:51 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-14 08:49 . 2009-05-14 08:49 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 08:49 . 2009-05-14 08:49 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 08:49 . 2009-05-14 08:49 133000 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-05-14 08:47 . 2009-05-14 08:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 08:41 . 2009-05-14 08:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-05 17:31 . 2009-06-11 16:14 2402304 ----a-w- c:\windows\system32\x264vfw.dll
2009-04-02 13:21 . 2009-06-11 16:14 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2009-03-24 11:43 . 2009-06-11 17:55 43008 ----a-w- c:\documents and settings\Alshopaky\Application Data\Mozilla\Firefox\Profiles\cc2v3jzv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
2009-03-24 11:43 . 2009-06-11 17:55 43008 ----a-w- c:\documents and settings\Alshopaky\Application Data\Mozilla\Firefox\Profiles\cc2v3jzv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-03-24 11:43 . 2009-06-11 17:55 235520 ----a-w- c:\documents and settings\Alshopaky\Application Data\Mozilla\Firefox\Profiles\cc2v3jzv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll
2009-03-24 11:43 . 2009-06-11 17:55 338432 ----a-w- c:\documents and settings\Alshopaky\Application Data\Mozilla\Firefox\Profiles\cc2v3jzv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-03-24 11:42 . 2009-06-11 17:55 235008 ----a-w- c:\documents and settings\Alshopaky\Application Data\Mozilla\Firefox\Profiles\cc2v3jzv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll
2009-03-24 11:42 . 2009-06-11 17:55 345088 ----a-w- c:\documents and settings\Alshopaky\Application Data\Mozilla\Firefox\Profiles\cc2v3jzv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
.
------- Sigcheck -------
[-] 2008-03-20 18:36 578560 F92D8964B5286DE225BD2B6BF89764BE c:\windows\system32\user32.dll
[-] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\SoftwareDistribution\Download\82c738ec00f0f07f8ea182bc95439593\sp3gdr\wininet.dll
[-] 2009-04-29 04:49 828928 62CCA075F44015147B8971DAFFBCFF76 c:\windows\SoftwareDistribution\Download\82c738ec00f0f07f8ea182bc95439593\sp3qfe\wininet.dll
[-] 2008-04-28 09:25 920064 88348F8C92C28BA99FE49BD392100CE0 c:\windows\system32\wininet.dll
[-] 2008-04-28 09:24 547328 A55B8899D2EA2E800061BCFD456E34DC c:\windows\system32\winlogon.exe
[-] 2008-04-26 03:58 2227072 F65795635A4DA985337F1A8C15B42F98 c:\windows\system32\ntkrnlpa.exe
[-] 2008-04-26 03:44 2350208 46391325B9159057FFFAFCA37A39A669 c:\windows\system32\ntoskrnl.exe
[-] 2008-08-18 18:17 1616384 4A90F51B778FA0157F60D206E8B37D2A c:\windows\explorer.exe
[-] 2008-04-28 09:22 25088 B5E8782D4AF1B3756F38E11E7C157BBE c:\windows\system32\ctfmon.exe
[-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3gdr\kernel32.dll
[-] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3qfe\kernel32.dll
[-] 2008-03-20 18:36 989696 9A8D604748D9FE73B66021E5782A4A3C c:\windows\system32\kernel32.dll
[-] 2008-04-26 03:58 1614848 BC298B78B311397B421D4D52B44B49EC c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-28 25088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-26 123904]
[HKLM\~\startupfolder\C:^Documents and Settings^Alshopaky^Start Menu^Programs^Startup^StopCut home.lnk]
path=c:\documents and settings\Alshopaky\Start Menu\Programs\Startup\StopCut home.lnk
backup=c:\windows\pss\StopCut home.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Alshopaky^Start Menu^Programs^Startup^StopCut.lnk]
path=c:\documents and settings\Alshopaky\Start Menu\Programs\Startup\StopCut.lnk
backup=c:\windows\pss\StopCut.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 11:47 AM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [5/14/2009 11:47 AM 731840]
R2 OpenDNS Updater.exe;OpenDNS Updater;c:\program files\OpenDNS Updater\OpenDNS Updater.exe --run --> c:\program files\OpenDNS Updater\OpenDNS Updater.exe --run [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/12/2009 7:55 PM 19096]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/12/2009 7:55 PM 194832]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 11:22 PM 34064]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-06-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 08:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.forsanelhaq.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
TCP: {DD0A9973-A1B6-4626-A8E9-1F224E2C344D} = 208.67.222.222,208.67.220.220
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-06-15 21:49
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(944)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1000)
c:\windows\system32\setupapi.dll
- - - - - - - > 'explorer.exe'(3420)
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\MSVCP60.dll
c:\windows\system32\eappprxy.dll
.
Completion time: 2009-06-15 21:51
ComboFix-quarantined-files.txt 2009-06-15 18:51
Pre-Run: 3,717,341,184 bytes free
Post-Run: 3,773,829,120 bytes free
307 --- E O F --- 2009-06-15 05:22
توقيع : alshopaky
تأييد
0
ابـــو عــبــد الــلــه
زيزوومى فضى
- إنضم
- 31 ديسمبر 2007
- المشاركات
- 6,175
- مستوى التفاعل
- 65
- النقاط
- 840
- الإقامة
- لا إله إلا الله محمد رسول الله
غير متصل
عطل استعادة النظام حسب الشرح التالي
ثم
ثم
ادخل هذه الصفحة
وحمل اداة المكافي
شغلها بدبل كلك واتركها حتى تنتهي صفحة الدوس من الفحص والتنظيف
ثم توجه الى القرص c ،، وقم
وارفعه على هذا الموقع
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
وحمل اداة المكافي
شغلها بدبل كلك واتركها حتى تنتهي صفحة الدوس من الفحص والتنظيف
ثم توجه الى القرص c ،، وقم
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
التقرير noor_mcafeeوارفعه على هذا الموقع
توقيع : ابـــو عــبــد الــلــه
تأييد
0
ابـــو عــبــد الــلــه
زيزوومى فضى
- إنضم
- 31 ديسمبر 2007
- المشاركات
- 6,175
- مستوى التفاعل
- 65
- النقاط
- 840
- الإقامة
- لا إله إلا الله محمد رسول الله
غير متصل
:f:
انت حمل المكافي وافحص جهازك ... وان شاء الله خير
توقيع : ابـــو عــبــد الــلــه
تأييد
0
ابـــو عــبــد الــلــه
زيزوومى فضى
- إنضم
- 31 ديسمبر 2007
- المشاركات
- 6,175
- مستوى التفاعل
- 65
- النقاط
- 840
- الإقامة
- لا إله إلا الله محمد رسول الله
غير متصل
توقيع : ابـــو عــبــد الــلــه
تأييد
0
ابـــو عــبــد الــلــه
زيزوومى فضى
- إنضم
- 31 ديسمبر 2007
- المشاركات
- 6,175
- مستوى التفاعل
- 65
- النقاط
- 840
- الإقامة
- لا إله إلا الله محمد رسول الله
غير متصل
جهازك فيه فلونزا الخنزير اعزك الله ... :hh: ...
توقيع : ابـــو عــبــد الــلــه
تأييد
0
alshopaky
زيزوومي نشيط
غير متصل
اللهم آميــــــن بس انت بتضحك ليه كده وبعدين فين باقى سنانك _ابتسامه _
الحمد لله اخى تم حل المشكله بتنزيل اخر اصدار من الياهو .... ولم تفلح اى من محاولاتك ..... :bleh::no::no::no::no::no::no::no::no::no::no::no::no::no::no::no::no::no::no::no::no::no::no::no:
جزاكم الله خيرا لمحاولة المساعدة
الحمد لله اخى تم حل المشكله بتنزيل اخر اصدار من الياهو .... ولم تفلح اى من محاولاتك ..... :bleh::no::no::no::no::no::no::no::no::no::no::no::no::no::no::no::no::no::no::no::no::no::no::no:
جزاكم الله خيرا لمحاولة المساعدة
توقيع : alshopaky
تأييد
0
