- بادئ الموضوع بنت شيوخـ
- تاريخ البدء
- 1,753
بنت شيوخـ
زيزوومى متألق
غير متصل
ComboFix 09-06-28.02 - ibda 06/29/2009 9:13.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.503.192 [GMT 3:00]
Running from: c:\documents and settings\ibda\سطح المكتب\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\ibda\Application Data\tazebama
c:\windows\msa.exe
c:\windows\system32\tmp.reg
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
C:\zPharaoh.exe
D:\zPharaoh.exe
.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-29 )))))))))))))))))))))))))))))))
.
2009-06-26 22:45 . 2009-06-28 17:29 -------- d-----w- c:\documents and settings\ibda\Application Data\MessengerDiscovery 2
2009-06-26 22:43 . 2009-06-28 18:27 -------- d-----w- c:\program files\MessengerDiscovery 2
2009-06-26 21:33 . 2009-06-26 21:33 -------- d-----w- c:\documents and settings\ibda\Local Settings\Application Data\bluesoleil
2009-06-26 21:29 . 2009-06-26 21:29 -------- d-----w- c:\program files\IVT Corporation
2009-06-25 23:16 . 2009-06-25 23:16 -------- d-----w- c:\program files\Resource Tuner
2009-06-25 19:57 . 2009-06-25 19:57 -------- d-----w- c:\program files\Trend Micro
2009-06-25 18:09 . 2009-06-25 18:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\arab_stars
2009-06-25 12:30 . 2009-06-25 12:30 -------- d-----w- C:\TechSmith
2009-06-24 15:35 . 2009-06-24 15:35 -------- d-----w- c:\documents and settings\ibda\Application Data\Ashampoo
2009-06-24 15:34 . 2009-06-24 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\page
2009-06-24 10:51 . 2006-03-11 20:31 3096576 ----a-w- c:\windows\system32\chromeengine2.dll
2009-06-24 10:40 . 2000-11-29 00:07 307200 ----a-w- c:\windows\system32\msvcr70.dll
2009-06-24 10:39 . 2002-04-01 20:15 11264 ----a-w- c:\windows\system32\ogg.dll
2009-06-24 10:31 . 2009-06-24 10:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-06-24 05:52 . 2009-06-24 05:53 -------- d-----w- c:\documents and settings\ibda\Local Settings\Application Data\arab_stars
2009-06-24 05:52 . 2009-06-24 05:52 -------- d-----w- c:\program files\arab_stars
2009-06-23 14:51 . 2007-08-07 07:58 32768 ----a-w- c:\windows\system32\Wnaspi32.dll
2009-06-23 14:51 . 2007-08-07 08:32 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2009-06-23 14:51 . 2009-06-23 14:51 -------- d-----w- c:\documents and settings\ibda\Application Data\Acoustica
2009-06-19 23:11 . 2009-06-22 17:29 -------- d-----w- c:\program files\Nero
2009-06-18 18:34 . 2009-06-18 18:34 390664 ----a-w- c:\documents and settings\ibda\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-17 18:59 . 2009-06-17 18:59 -------- d-----w- c:\documents and settings\ibda\Application Data\UP
2009-06-17 18:59 . 2009-06-17 18:59 -------- d-----w- c:\documents and settings\ibda\Application Data\Ace
2009-06-17 18:58 . 2009-06-17 18:58 68888 ----a-w- c:\windows\system32\xinput1_3.dll
2009-06-17 18:53 . 2008-10-30 08:57 3851784 ----a-w- c:\windows\system32\d3dx9_39.dll
2009-06-11 18:09 . 2009-06-11 18:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-06-08 18:35 . 2009-06-08 18:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-06-08 18:25 . 2009-06-08 18:25 -------- d-----w- c:\documents and settings\ibda\Local Settings\Application Data\Real
2009-06-08 18:24 . 2009-06-08 18:24 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-08 18:22 . 2009-06-08 18:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-06-08 13:49 . 2009-06-08 14:22 -------- d-----w- c:\program files\Emailrobot
2009-06-08 13:49 . 2009-06-08 13:49 -------- d-----w- c:\documents and settings\ibda\Local Settings\Application Data\Downloaded Installations
2009-06-06 19:02 . 2004-08-03 20:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-06-06 19:02 . 2004-08-03 20:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-06-04 20:10 . 2009-06-04 20:10 -------- d-----w- c:\documents and settings\ibda\Local Settings\Application Data\Conduit
2009-06-04 20:10 . 2008-06-26 11:34 11776 ----a-w- c:\documents and settings\ibda\Application Data\Mozilla\Firefox\Profiles\47kqfbf0.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFAlert.dll
2009-06-04 20:10 . 2008-06-26 11:34 114688 ----a-w- c:\documents and settings\ibda\Application Data\Mozilla\Firefox\Profiles\47kqfbf0.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\npmozax.dll
2009-06-04 20:10 . 2009-06-04 20:10 -------- d-----w- c:\program files\Conduit
2009-06-04 12:03 . 2009-06-04 12:03 -------- d-----w- c:\program files\Common Files\DirectX
2009-06-04 11:54 . 2009-06-04 12:18 -------- d-----w- c:\program files\IHRA Drag Racing
2009-06-03 16:29 . 2009-06-18 21:17 -------- d-----w- c:\documents and settings\ibda\Application Data\COWON
2009-06-02 23:19 . 2009-06-02 23:19 -------- d-----w- c:\documents and settings\ibda\Application Data\FlashFXP
2009-06-02 23:19 . 2009-06-04 09:14 -------- d-----w- c:\program files\FlashFXP
2009-06-02 18:41 . 2006-03-17 00:38 28672 ------w- c:\windows\system32\verclsid.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 05:16 . 2001-09-19 12:00 59680 ----a-w- c:\windows\system32\perfc001.dat
2009-06-29 05:16 . 2001-09-19 12:00 331066 ----a-w- c:\windows\system32\perfh001.dat
2009-06-29 05:11 . 2009-05-18 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-29 00:02 . 2009-05-18 15:13 655392 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-29 00:02 . 2009-05-18 15:13 4368 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-29 00:02 . 2009-05-18 15:13 2741792 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-29 00:02 . 2009-05-18 15:13 23548 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-25 21:27 . 2009-06-25 21:22 -------- d-----w- c:\documents and settings\ibda\Application Data\cleaner
2009-06-25 21:22 . 2009-06-25 21:22 -------- d-----w- c:\documents and settings\ibda\Application Data\CyberScrub
2009-06-18 21:19 . 2009-05-18 13:41 -------- d-----w- c:\program files\Common Files\Apple
2009-06-18 21:17 . 2009-05-18 10:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-18 21:17 . 2009-05-18 11:36 -------- d-----w- c:\program files\JetAudio
2009-06-18 21:12 . 2009-05-18 11:31 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-09 00:11 . 2009-05-18 11:32 -------- d-----w- c:\program files\CyberLink
2009-06-09 00:10 . 2009-05-18 11:33 -------- d-----w- c:\program files\Google
2009-06-08 18:24 . 2009-05-18 11:53 -------- d-----w- c:\program files\Common Files\Real
2009-06-08 18:24 . 2009-05-18 11:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-04 16:27 . 2009-05-20 18:12 -------- d-----w- c:\documents and settings\ibda\Application Data\Resource Tuner
2009-06-04 08:55 . 2009-05-18 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-28 16:18 . 2009-05-28 15:46 -------- d-----w- c:\program files\Online TV Player 4
2009-05-28 11:04 . 2009-05-17 21:04 151208 ----a-w- c:\documents and settings\ibda\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-28 10:18 . 2009-05-28 10:18 -------- d-----w- c:\program files\TeamViewer3
2009-05-28 09:03 . 2009-05-18 13:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-28 08:59 . 2009-05-28 09:00 720896 ----a-w- c:\windows\iun6002.exe
2009-05-28 07:16 . 2009-05-28 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-05-28 07:16 . 2009-05-28 07:16 -------- d-----w- c:\documents and settings\ibda\Application Data\Recordpad
2009-05-28 07:16 . 2009-05-28 07:16 -------- d-----w- c:\program files\NCH Software
2009-05-28 07:16 . 2009-05-28 07:16 -------- d-----w- c:\documents and settings\ibda\Application Data\NCH Swift Sound
2009-05-28 00:02 . 2009-05-28 00:02 -------- d-----w- c:\program files\MSXML 4.0
2009-05-27 14:48 . 2009-05-27 10:21 -------- d-----w- c:\program files\MP3Cutter
2009-05-27 14:37 . 2009-05-27 14:37 -------- d-----w- c:\documents and settings\ibda\Application Data\FairStars Audio Converter
2009-05-27 14:37 . 2009-05-27 14:37 -------- d-----w- c:\program files\FairStars Audio Converter
2009-05-23 15:13 . 2009-05-23 15:13 -------- d-----w- c:\program files\No-IP
2009-05-21 18:52 . 2009-05-17 20:58 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-20 18:19 . 2009-05-18 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-20 12:51 . 2009-05-18 15:14 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-20 12:51 . 2009-05-18 15:14 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-19 19:05 . 2009-05-19 18:41 -------- d-----w- c:\documents and settings\ibda\Application Data\TeamViewer
2009-05-18 21:12 . 2009-05-18 21:12 -------- d-----w- c:\program files\WMV9_VCM
2009-05-18 20:45 . 2009-05-18 20:45 -------- d-----w- c:\documents and settings\ibda\Application Data\Media Player Classic
2009-05-18 20:33 . 2009-05-18 20:33 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-18 20:33 . 2009-05-18 20:33 -------- d-----w- c:\program files\Java
2009-05-18 20:32 . 2009-05-18 20:32 152576 ----a-w- c:\documents and settings\ibda\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-18 19:36 . 2009-05-18 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-05-18 19:36 . 2009-05-18 19:36 -------- d-----w- c:\program files\TechSmith
2009-05-18 19:36 . 2009-05-18 19:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-18 19:27 . 2009-05-18 19:27 -------- d-----w- c:\program files\SWiSHmax
2009-05-18 19:02 . 2004-08-03 21:55 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-05-18 19:01 . 2009-05-18 19:01 -------- d-----w- c:\program files\KM-Software
2009-05-18 16:57 . 2009-05-18 16:57 -------- d-----w- c:\program files\Circle Dvelopement
2009-05-18 16:57 . 2009-05-18 16:57 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-18 16:55 . 2008-01-29 14:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-05-18 16:55 . 2009-05-18 16:55 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-05-18 16:55 . 2009-05-18 16:55 206088 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-05-18 16:55 . 2009-05-18 16:55 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-05-18 16:16 . 2009-05-18 16:15 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-18 16:03 . 2009-05-18 16:03 998 ----a-w- c:\windows\system32\syswinan.vbs
2009-05-18 15:13 . 2009-05-18 15:13 -------- d-----w- c:\program files\Kaspersky Lab
2009-05-18 15:12 . 2009-05-18 15:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-18 14:02 . 2009-05-18 14:02 -------- d-----w- c:\program files\Microsoft Works
2009-05-18 14:02 . 2009-05-18 14:02 -------- d-----w- c:\program files\MSBuild
2009-05-18 13:43 . 2009-05-18 13:43 -------- d-----w- c:\documents and settings\ibda\Application Data\Apple Computer
2009-05-18 13:43 . 2009-05-18 13:42 -------- d-----w- c:\program files\iTunes
2009-05-18 13:43 . 2009-05-18 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-05-18 13:42 . 2009-05-18 13:42 -------- d-----w- c:\program files\iPod
2009-05-18 13:42 . 2009-05-18 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-18 13:42 . 2009-05-18 13:42 -------- d-----w- c:\program files\Bonjour
2009-05-18 13:42 . 2009-05-18 13:41 -------- d-----w- c:\program files\Apple Software Update
2009-05-18 13:41 . 2009-05-18 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-05-18 11:53 . 2009-05-18 11:53 -------- d-----w- c:\program files\Real
2009-05-18 11:38 . 2009-05-18 11:38 0 ----a-w- c:\windows\nsreg.dat
2009-05-18 11:34 . 2009-05-18 11:34 -------- d-----w- c:\documents and settings\ibda\Application Data\CyberLink
2009-05-18 11:32 . 2009-05-18 11:32 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-18 11:32 . 2009-05-18 11:32 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-05-18 11:23 . 2009-05-18 11:23 -------- d-----w- c:\program files\Windows Live
2009-05-18 11:00 . 2009-05-18 10:59 -------- d-----w- c:\program files\Realtek
2009-05-18 10:59 . 2009-05-18 10:59 -------- d-----w- c:\documents and settings\ibda\Application Data\InstallShield
2009-05-18 10:59 . 2009-05-18 10:59 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-18 10:56 . 2009-05-18 10:56 -------- d-----w- c:\program files\Intel
2009-05-18 10:56 . 2009-05-18 10:56 -------- d-----w- c:\program files\Yahoo!
2009-05-17 20:59 . 2009-05-17 20:59 -------- d-----w- c:\program files\microsoft frontpage
2009-05-17 20:56 . 2009-05-17 20:56 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-07 15:42 . 2004-08-03 21:55 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:51 . 2004-08-03 21:55 657920 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:51 . 2004-08-03 21:55 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 20:08 . 2004-08-03 21:46 1846528 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:12 . 2004-08-03 21:55 584192 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-08-16 5728112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-05-18 206088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-08 198160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\ibda\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
No-IP DUC.lnk - c:\program files\No-IP\DUC20.exe [2009-5-23 1172992]
c:\documents and settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2009-1-22 7225672]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^ibda^قائمة ابدأ^البرامج^بدء التشغيل^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\ibda\قائمة ابدأ\البرامج\بدء التشغيل\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Documents and Settings\\ibda\\سطح المكتب\\Bifrost\\BiFrOsT-MoJaHeD.exe"=
"c:\\Documents and Settings\\ibda\\سطح المكتب\\Poison Ivy ~ Dev-Point Edition\\Poison Ivy 2.3.2.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*
isabledxpsp2res.dll,-22009
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [21/01/2008 07:28 م 21512]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 م 33808]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [04/06/2008 06:26 م 143467]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [02/07/2008 02:58 م 26248]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 م 24592]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0F8B3D4E-7BCC-EA5F-3113-BA3C809F0773}]
c:\documents and settings\ibda\سطح المكتب\Saudihack.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F06B85EC-BA8F-69F6-95B6-BCEEB6C6FB42}]
F:\Test.exe
.
Contents of the 'Scheduled Tasks' folder
2009-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Settings,ProxyOverride = local
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ibda\Application Data\Mozilla\Firefox\Profiles\47kqfbf0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - component: c:\documents and settings\ibda\Application Data\Mozilla\Firefox\Profiles\47kqfbf0.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFAlert.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-06-29 09:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-06-29 9:21
ComboFix-quarantined-files.txt 2009-06-29 06:20
Pre-Run: 19,242,913,792 bytes free
Post-Run: 19,333,799,936 bytes free
231 --- E O F --- 2009-06-10 18:37
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.503.192 [GMT 3:00]
Running from: c:\documents and settings\ibda\سطح المكتب\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\ibda\Application Data\tazebama
c:\windows\msa.exe
c:\windows\system32\tmp.reg
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
C:\zPharaoh.exe
D:\zPharaoh.exe
.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-29 )))))))))))))))))))))))))))))))
.
2009-06-26 22:45 . 2009-06-28 17:29 -------- d-----w- c:\documents and settings\ibda\Application Data\MessengerDiscovery 2
2009-06-26 22:43 . 2009-06-28 18:27 -------- d-----w- c:\program files\MessengerDiscovery 2
2009-06-26 21:33 . 2009-06-26 21:33 -------- d-----w- c:\documents and settings\ibda\Local Settings\Application Data\bluesoleil
2009-06-26 21:29 . 2009-06-26 21:29 -------- d-----w- c:\program files\IVT Corporation
2009-06-25 23:16 . 2009-06-25 23:16 -------- d-----w- c:\program files\Resource Tuner
2009-06-25 19:57 . 2009-06-25 19:57 -------- d-----w- c:\program files\Trend Micro
2009-06-25 18:09 . 2009-06-25 18:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\arab_stars
2009-06-25 12:30 . 2009-06-25 12:30 -------- d-----w- C:\TechSmith
2009-06-24 15:35 . 2009-06-24 15:35 -------- d-----w- c:\documents and settings\ibda\Application Data\Ashampoo
2009-06-24 15:34 . 2009-06-24 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\page
2009-06-24 10:51 . 2006-03-11 20:31 3096576 ----a-w- c:\windows\system32\chromeengine2.dll
2009-06-24 10:40 . 2000-11-29 00:07 307200 ----a-w- c:\windows\system32\msvcr70.dll
2009-06-24 10:39 . 2002-04-01 20:15 11264 ----a-w- c:\windows\system32\ogg.dll
2009-06-24 10:31 . 2009-06-24 10:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-06-24 05:52 . 2009-06-24 05:53 -------- d-----w- c:\documents and settings\ibda\Local Settings\Application Data\arab_stars
2009-06-24 05:52 . 2009-06-24 05:52 -------- d-----w- c:\program files\arab_stars
2009-06-23 14:51 . 2007-08-07 07:58 32768 ----a-w- c:\windows\system32\Wnaspi32.dll
2009-06-23 14:51 . 2007-08-07 08:32 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2009-06-23 14:51 . 2009-06-23 14:51 -------- d-----w- c:\documents and settings\ibda\Application Data\Acoustica
2009-06-19 23:11 . 2009-06-22 17:29 -------- d-----w- c:\program files\Nero
2009-06-18 18:34 . 2009-06-18 18:34 390664 ----a-w- c:\documents and settings\ibda\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-17 18:59 . 2009-06-17 18:59 -------- d-----w- c:\documents and settings\ibda\Application Data\UP
2009-06-17 18:59 . 2009-06-17 18:59 -------- d-----w- c:\documents and settings\ibda\Application Data\Ace
2009-06-17 18:58 . 2009-06-17 18:58 68888 ----a-w- c:\windows\system32\xinput1_3.dll
2009-06-17 18:53 . 2008-10-30 08:57 3851784 ----a-w- c:\windows\system32\d3dx9_39.dll
2009-06-11 18:09 . 2009-06-11 18:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-06-08 18:35 . 2009-06-08 18:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-06-08 18:25 . 2009-06-08 18:25 -------- d-----w- c:\documents and settings\ibda\Local Settings\Application Data\Real
2009-06-08 18:24 . 2009-06-08 18:24 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-08 18:22 . 2009-06-08 18:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-06-08 13:49 . 2009-06-08 14:22 -------- d-----w- c:\program files\Emailrobot
2009-06-08 13:49 . 2009-06-08 13:49 -------- d-----w- c:\documents and settings\ibda\Local Settings\Application Data\Downloaded Installations
2009-06-06 19:02 . 2004-08-03 20:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-06-06 19:02 . 2004-08-03 20:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-06-04 20:10 . 2009-06-04 20:10 -------- d-----w- c:\documents and settings\ibda\Local Settings\Application Data\Conduit
2009-06-04 20:10 . 2008-06-26 11:34 11776 ----a-w- c:\documents and settings\ibda\Application Data\Mozilla\Firefox\Profiles\47kqfbf0.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFAlert.dll
2009-06-04 20:10 . 2008-06-26 11:34 114688 ----a-w- c:\documents and settings\ibda\Application Data\Mozilla\Firefox\Profiles\47kqfbf0.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\npmozax.dll
2009-06-04 20:10 . 2009-06-04 20:10 -------- d-----w- c:\program files\Conduit
2009-06-04 12:03 . 2009-06-04 12:03 -------- d-----w- c:\program files\Common Files\DirectX
2009-06-04 11:54 . 2009-06-04 12:18 -------- d-----w- c:\program files\IHRA Drag Racing
2009-06-03 16:29 . 2009-06-18 21:17 -------- d-----w- c:\documents and settings\ibda\Application Data\COWON
2009-06-02 23:19 . 2009-06-02 23:19 -------- d-----w- c:\documents and settings\ibda\Application Data\FlashFXP
2009-06-02 23:19 . 2009-06-04 09:14 -------- d-----w- c:\program files\FlashFXP
2009-06-02 18:41 . 2006-03-17 00:38 28672 ------w- c:\windows\system32\verclsid.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 05:16 . 2001-09-19 12:00 59680 ----a-w- c:\windows\system32\perfc001.dat
2009-06-29 05:16 . 2001-09-19 12:00 331066 ----a-w- c:\windows\system32\perfh001.dat
2009-06-29 05:11 . 2009-05-18 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-29 00:02 . 2009-05-18 15:13 655392 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-29 00:02 . 2009-05-18 15:13 4368 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-29 00:02 . 2009-05-18 15:13 2741792 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-29 00:02 . 2009-05-18 15:13 23548 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-25 21:27 . 2009-06-25 21:22 -------- d-----w- c:\documents and settings\ibda\Application Data\cleaner
2009-06-25 21:22 . 2009-06-25 21:22 -------- d-----w- c:\documents and settings\ibda\Application Data\CyberScrub
2009-06-18 21:19 . 2009-05-18 13:41 -------- d-----w- c:\program files\Common Files\Apple
2009-06-18 21:17 . 2009-05-18 10:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-18 21:17 . 2009-05-18 11:36 -------- d-----w- c:\program files\JetAudio
2009-06-18 21:12 . 2009-05-18 11:31 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-09 00:11 . 2009-05-18 11:32 -------- d-----w- c:\program files\CyberLink
2009-06-09 00:10 . 2009-05-18 11:33 -------- d-----w- c:\program files\Google
2009-06-08 18:24 . 2009-05-18 11:53 -------- d-----w- c:\program files\Common Files\Real
2009-06-08 18:24 . 2009-05-18 11:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-04 16:27 . 2009-05-20 18:12 -------- d-----w- c:\documents and settings\ibda\Application Data\Resource Tuner
2009-06-04 08:55 . 2009-05-18 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-28 16:18 . 2009-05-28 15:46 -------- d-----w- c:\program files\Online TV Player 4
2009-05-28 11:04 . 2009-05-17 21:04 151208 ----a-w- c:\documents and settings\ibda\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-28 10:18 . 2009-05-28 10:18 -------- d-----w- c:\program files\TeamViewer3
2009-05-28 09:03 . 2009-05-18 13:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-28 08:59 . 2009-05-28 09:00 720896 ----a-w- c:\windows\iun6002.exe
2009-05-28 07:16 . 2009-05-28 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-05-28 07:16 . 2009-05-28 07:16 -------- d-----w- c:\documents and settings\ibda\Application Data\Recordpad
2009-05-28 07:16 . 2009-05-28 07:16 -------- d-----w- c:\program files\NCH Software
2009-05-28 07:16 . 2009-05-28 07:16 -------- d-----w- c:\documents and settings\ibda\Application Data\NCH Swift Sound
2009-05-28 00:02 . 2009-05-28 00:02 -------- d-----w- c:\program files\MSXML 4.0
2009-05-27 14:48 . 2009-05-27 10:21 -------- d-----w- c:\program files\MP3Cutter
2009-05-27 14:37 . 2009-05-27 14:37 -------- d-----w- c:\documents and settings\ibda\Application Data\FairStars Audio Converter
2009-05-27 14:37 . 2009-05-27 14:37 -------- d-----w- c:\program files\FairStars Audio Converter
2009-05-23 15:13 . 2009-05-23 15:13 -------- d-----w- c:\program files\No-IP
2009-05-21 18:52 . 2009-05-17 20:58 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-20 18:19 . 2009-05-18 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-20 12:51 . 2009-05-18 15:14 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-20 12:51 . 2009-05-18 15:14 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-19 19:05 . 2009-05-19 18:41 -------- d-----w- c:\documents and settings\ibda\Application Data\TeamViewer
2009-05-18 21:12 . 2009-05-18 21:12 -------- d-----w- c:\program files\WMV9_VCM
2009-05-18 20:45 . 2009-05-18 20:45 -------- d-----w- c:\documents and settings\ibda\Application Data\Media Player Classic
2009-05-18 20:33 . 2009-05-18 20:33 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-18 20:33 . 2009-05-18 20:33 -------- d-----w- c:\program files\Java
2009-05-18 20:32 . 2009-05-18 20:32 152576 ----a-w- c:\documents and settings\ibda\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-18 19:36 . 2009-05-18 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-05-18 19:36 . 2009-05-18 19:36 -------- d-----w- c:\program files\TechSmith
2009-05-18 19:36 . 2009-05-18 19:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-18 19:27 . 2009-05-18 19:27 -------- d-----w- c:\program files\SWiSHmax
2009-05-18 19:02 . 2004-08-03 21:55 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-05-18 19:01 . 2009-05-18 19:01 -------- d-----w- c:\program files\KM-Software
2009-05-18 16:57 . 2009-05-18 16:57 -------- d-----w- c:\program files\Circle Dvelopement
2009-05-18 16:57 . 2009-05-18 16:57 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-18 16:55 . 2008-01-29 14:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-05-18 16:55 . 2009-05-18 16:55 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-05-18 16:55 . 2009-05-18 16:55 206088 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-05-18 16:55 . 2009-05-18 16:55 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-05-18 16:16 . 2009-05-18 16:15 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-18 16:03 . 2009-05-18 16:03 998 ----a-w- c:\windows\system32\syswinan.vbs
2009-05-18 15:13 . 2009-05-18 15:13 -------- d-----w- c:\program files\Kaspersky Lab
2009-05-18 15:12 . 2009-05-18 15:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-18 14:02 . 2009-05-18 14:02 -------- d-----w- c:\program files\Microsoft Works
2009-05-18 14:02 . 2009-05-18 14:02 -------- d-----w- c:\program files\MSBuild
2009-05-18 13:43 . 2009-05-18 13:43 -------- d-----w- c:\documents and settings\ibda\Application Data\Apple Computer
2009-05-18 13:43 . 2009-05-18 13:42 -------- d-----w- c:\program files\iTunes
2009-05-18 13:43 . 2009-05-18 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-05-18 13:42 . 2009-05-18 13:42 -------- d-----w- c:\program files\iPod
2009-05-18 13:42 . 2009-05-18 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-18 13:42 . 2009-05-18 13:42 -------- d-----w- c:\program files\Bonjour
2009-05-18 13:42 . 2009-05-18 13:41 -------- d-----w- c:\program files\Apple Software Update
2009-05-18 13:41 . 2009-05-18 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-05-18 11:53 . 2009-05-18 11:53 -------- d-----w- c:\program files\Real
2009-05-18 11:38 . 2009-05-18 11:38 0 ----a-w- c:\windows\nsreg.dat
2009-05-18 11:34 . 2009-05-18 11:34 -------- d-----w- c:\documents and settings\ibda\Application Data\CyberLink
2009-05-18 11:32 . 2009-05-18 11:32 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-18 11:32 . 2009-05-18 11:32 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-05-18 11:23 . 2009-05-18 11:23 -------- d-----w- c:\program files\Windows Live
2009-05-18 11:00 . 2009-05-18 10:59 -------- d-----w- c:\program files\Realtek
2009-05-18 10:59 . 2009-05-18 10:59 -------- d-----w- c:\documents and settings\ibda\Application Data\InstallShield
2009-05-18 10:59 . 2009-05-18 10:59 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-18 10:56 . 2009-05-18 10:56 -------- d-----w- c:\program files\Intel
2009-05-18 10:56 . 2009-05-18 10:56 -------- d-----w- c:\program files\Yahoo!
2009-05-17 20:59 . 2009-05-17 20:59 -------- d-----w- c:\program files\microsoft frontpage
2009-05-17 20:56 . 2009-05-17 20:56 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-07 15:42 . 2004-08-03 21:55 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:51 . 2004-08-03 21:55 657920 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:51 . 2004-08-03 21:55 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 20:08 . 2004-08-03 21:46 1846528 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:12 . 2004-08-03 21:55 584192 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-08-16 5728112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-05-18 206088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-08 198160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\ibda\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
No-IP DUC.lnk - c:\program files\No-IP\DUC20.exe [2009-5-23 1172992]
c:\documents and settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2009-1-22 7225672]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^ibda^قائمة ابدأ^البرامج^بدء التشغيل^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\ibda\قائمة ابدأ\البرامج\بدء التشغيل\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Documents and Settings\\ibda\\سطح المكتب\\Bifrost\\BiFrOsT-MoJaHeD.exe"=
"c:\\Documents and Settings\\ibda\\سطح المكتب\\Poison Ivy ~ Dev-Point Edition\\Poison Ivy 2.3.2.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*
isabledxpsp2res.dll,-22009R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [21/01/2008 07:28 م 21512]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 م 33808]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [04/06/2008 06:26 م 143467]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [02/07/2008 02:58 م 26248]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 م 24592]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0F8B3D4E-7BCC-EA5F-3113-BA3C809F0773}]
c:\documents and settings\ibda\سطح المكتب\Saudihack.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F06B85EC-BA8F-69F6-95B6-BCEEB6C6FB42}]
F:\Test.exe
.
Contents of the 'Scheduled Tasks' folder
2009-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Settings,ProxyOverride = local
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ibda\Application Data\Mozilla\Firefox\Profiles\47kqfbf0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - component: c:\documents and settings\ibda\Application Data\Mozilla\Firefox\Profiles\47kqfbf0.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFAlert.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-06-29 09:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-06-29 9:21
ComboFix-quarantined-files.txt 2009-06-29 06:20
Pre-Run: 19,242,913,792 bytes free
Post-Run: 19,333,799,936 bytes free
231 --- E O F --- 2009-06-10 18:37
توقيع : بنت شيوخـ
تأييد
0