الله يعطيك العافية أخوي
استخدمت أداة ComboFix
وانحلّت المشكلة (لكن هل طريقتي صحيحة؟)
وهذا هو تقرير الأداة:
ComboFix 09-06-20.02 - user 07/13/2009 13:28.17 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.502.218 [GMT 3:00]
Running from: e:\l[,]l\مجلد جديد\مجلد جديد\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\user\LOCALS~1\Temp\~nsu.tmp\Au_.exe
c:\docume~1\user\LOCALS~1\Temp\nsv1F.tmp\ns22.tmp
c:\docume~1\user\LOCALS~1\Temp\nsv1F.tmp\nsExec.dll
c:\docume~1\user\LOCALS~1\Temp\RtkBtMnt.exe
c:\documents and settings\user\Local Settings\temp\~nsu.tmp\Au_.exe
c:\documents and settings\user\Local Settings\temp\nsv1F.tmp\ns22.tmp
c:\documents and settings\user\Local Settings\temp\nsv1F.tmp\nsExec.dll
c:\documents and settings\user\Local Settings\temp\RtkBtMnt.exe
.
((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
.
2009-07-12 08:04 . 2009-04-03 18:18 33256 ----a-w- c:\windows\system32\drivers\hssdrv.sys
2009-07-12 08:04 . 2009-07-13 10:09 -------- d-----w- c:\program files\Hotspot Shield
2009-07-11 16:30 . 2009-07-11 16:30 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-07-11 16:19 . 2009-07-11 16:19 -------- d-----w- c:\documents and settings\user\Application Data\URSoft
2009-07-11 16:19 . 2009-07-13 10:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-11 16:19 . 2009-07-11 16:29 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-07-11 15:13 . 2009-07-11 16:30 -------- d-----w- c:\program files\UltraISO
2009-07-11 14:53 . 2009-07-11 14:53 198064 ----a-w- c:\documents and settings\user\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-07-10 23:32 . 2009-07-10 23:32 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-10 11:24 . 2009-07-10 11:24 13312 ----a-w- c:\documents and settings\user\Application Data\MessengerDiscovery 2\Plugins\All Status Commands.dll
2009-07-10 11:23 . 2009-07-10 11:23 318464 ----a-w- c:\documents and settings\user\Application Data\MessengerDiscovery 2\Plugins\DisplayPicture History.dll
2009-07-10 11:19 . 2009-07-10 11:20 -------- d-----w- c:\documents and settings\user\Application Data\MessengerDiscovery 2
2009-07-10 11:18 . 2009-07-10 11:26 -------- d-----w- c:\program files\MessengerDiscovery 2
2009-07-10 10:36 . 2009-07-10 23:32 -------- d-sh--w- c:\windows\Installer
2009-07-09 09:50 . 2009-07-11 15:02 -------- d-----w- c:\program files\Internet Download Manager
2009-07-09 09:43 . 2009-05-27 14:26 7415594 ----a-w- c:\program files\Internet_Download_Manager.exe
2009-07-09 04:55 . 2009-07-09 04:55 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Identities
2009-07-04 05:12 . 2009-07-04 05:14 1376374 ----a-w- c:\documents and settings\user\Application Data\IDM\DwnlData\user\dotnetfx_334\dotnetfx.exe
2009-07-04 05:12 . 2009-07-04 05:12 438436 ----a-w- c:\documents and settings\user\Application Data\IDM\DwnlData\user\dotnetfx_333\dotnetfx.exe
2009-07-04 05:06 . 2009-07-04 05:06 -------- d-----w- c:\program files\ArzooSoft Solutions
2009-07-04 03:27 . 2007-11-13 14:57 38 ----a-w- c:\windows\system32\zzrun.bat
2009-07-04 03:27 . 2006-07-22 20:49 5376 ----a-w- c:\windows\system32\antiwpa.dll
2009-07-02 01:10 . 2009-07-04 05:07 -------- d-----w- c:\program files\AV VCS 3.0
2009-07-02 01:09 . 2009-07-02 01:09 16 ----a-w- c:\windows\system32\DataRnvx.dat
2009-07-01 18:49 . 2009-07-01 18:49 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-01 18:17 . 2009-07-01 18:17 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-01 18:12 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-07-01 18:12 . 2009-07-01 18:12 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-01 18:06 . 2009-07-01 13:45 34008688 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_ara.exe
2009-07-01 18:04 . 2009-07-01 18:04 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-07-01 18:04 . 2009-07-01 18:04 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-01 18:04 . 2009-07-01 18:04 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-01 18:04 . 2009-07-01 18:04 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-06-30 22:19 . 2009-06-30 22:31 -------- d-sh--w- c:\documents and settings\user\Application Data\.#
2009-06-30 22:19 . 2009-06-30 22:31 -------- d-----w- c:\program files\Folder Lock 6
2009-06-29 19:26 . 2009-06-29 19:41 -------- d-----w- C:\QUARANTINE
2009-06-28 22:05 . 2009-07-09 08:20 -------- d-----w- c:\documents and settings\user\Application Data\Paltalk
2009-06-28 15:25 . 2009-06-28 15:40 -------- d-----w- C:\Display Pics (
aboshayb787@hotmail.com)
2009-06-28 08:15 . 2009-06-28 08:15 152576 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-27 09:25 . 2009-06-27 09:25 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-27 09:25 . 2009-07-06 13:02 -------- d-----w- c:\documents and settings\user\Application Data\skypePM
2009-06-27 09:19 . 2009-07-07 04:20 -------- d-----w- c:\documents and settings\user\Application Data\Skype
2009-06-27 09:19 . 2009-06-27 09:19 -------- d-----w- c:\program files\Common Files\Skype
2009-06-27 09:18 . 2009-06-27 09:19 -------- d-----r- c:\program files\Skype
2009-06-27 09:18 . 2009-06-27 09:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-23 10:14 . 2009-06-23 10:14 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-21 18:28 . 2006-11-06 12:30 262144 ----a-w- c:\windows\system32\lame_enc.dll
2009-06-18 17:31 . 2009-06-18 17:31 -------- d-----w- c:\program files\uTorrent
2009-06-15 16:50 . 2009-06-15 16:50 -------- d-----w- c:\program files\Common Files\DFX
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 10:33 . 2009-04-28 00:12 -------- d-----w- c:\documents and settings\user\Application Data\DMCache
2009-07-13 10:33 . 2009-04-12 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-13 10:31 . 2009-04-12 03:08 5304 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-13 10:31 . 2009-04-12 03:08 622624 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-13 10:31 . 2009-04-12 03:08 2297376 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-13 10:31 . 2009-04-12 03:08 21124 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-11 14:53 . 2009-06-05 15:14 -------- d-----w- c:\documents and settings\user\Application Data\IDM
2009-07-11 12:21 . 2009-04-17 14:16 -------- d-----w- c:\documents and settings\user\Application Data\uTorrent
2009-07-10 12:38 . 2009-04-12 09:40 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-10 10:44 . 2009-05-15 10:30 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-07-10 10:43 . 2009-05-15 10:30 -------- d-----w- c:\program files\TechSmith
2009-07-10 10:36 . 2009-04-18 14:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-08 23:44 . 2009-04-12 03:03 -------- d-----w- c:\program files\Crcle Developement
2009-07-08 23:43 . 2009-04-12 03:03 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-04 04:54 . 2009-05-03 22:50 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 3
2009-07-01 19:29 . 2009-04-27 06:16 -------- d-----w- c:\documents and settings\user\Application Data\cleaner
2009-07-01 18:36 . 2009-07-01 18:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-07-01 18:36 . 2009-07-01 18:36 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-07-01 18:34 . 2009-05-24 11:25 -------- d-----w- c:\documents and settings\user\Application Data\Nokia
2009-07-01 18:17 . 2009-05-24 11:25 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-01 18:12 . 2009-05-24 11:24 -------- d-----w- c:\program files\DIFX
2009-07-01 18:09 . 2009-05-24 11:23 -------- d-----w- c:\program files\Nokia
2009-07-01 13:47 . 2009-05-24 11:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-06-29 18:57 . 2009-06-07 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-28 14:23 . 2009-04-20 21:38 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-28 14:23 . 2009-05-30 12:47 -------- d-----w- c:\program files\Java
2009-06-28 08:08 . 2001-09-19 12:00 82618 ----a-w- c:\windows\system32\perfc001.dat
2009-06-28 08:08 . 2001-09-19 12:00 389838 ----a-w- c:\windows\system32\perfh001.dat
2009-06-23 10:14 . 2009-03-12 14:04 -------- d-----w- c:\program files\Common Files\Real
2009-06-23 10:13 . 2009-03-12 14:04 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-23 10:13 . 2009-03-12 14:04 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-21 18:28 . 2009-04-30 04:24 90112 ----a-w- c:\windows\system32\ssvideo.dll
2009-06-21 18:28 . 2009-04-30 04:24 1128128 ----a-w- c:\windows\system32\NMSDVDXU.dll
2009-06-21 18:28 . 2009-04-30 04:24 18595840 ----a-w- c:\windows\system32\coredata.dll
2009-06-21 18:28 . 2009-04-30 04:23 344064 ----a-w- c:\windows\system32\dkll.dll
2009-06-21 18:28 . 2009-04-30 04:23 196608 ----a-w- c:\windows\system32\maag.dll
2009-06-21 18:28 . 2009-04-30 04:23 1212416 ----a-w- c:\windows\system32\ckll.dll
2009-06-21 18:28 . 2009-04-30 04:23 1986560 ----a-w- c:\windows\system32\akll.dll
2009-06-17 12:52 . 2009-04-13 09:50 2293760 ----a-w- c:\documents and settings\user\Application Data\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2009-06-15 17:01 . 2009-04-18 14:25 -------- d-----w- c:\program files\DFX
2009-06-14 18:21 . 2009-05-31 18:41 -------- d-----w- c:\documents and settings\user\Application Data\U3
2009-06-12 21:27 . 2009-06-12 21:25 2927168 ----a-w- c:\documents and settings\user\Application Data\IDM\idmupdt.exe
2009-06-12 00:05 . 2009-03-12 14:06 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-06 17:42 . 2009-05-24 11:25 -------- d-----w- c:\documents and settings\user\Application Data\PC Suite
2009-06-06 08:02 . 2009-05-24 11:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-06-05 12:27 . 2009-05-23 03:21 -------- d-----w- c:\program files\Ahead
2009-06-05 00:05 . 2009-03-12 09:23 95800 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-04 23:11 . 2009-06-04 23:11 -------- d-----w- c:\program files\MSBuild
2009-06-04 23:11 . 2009-06-04 23:11 193032 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-04 23:07 . 2009-06-04 23:07 -------- d-----w- c:\program files\Reference Assemblies
2009-06-04 12:17 . 2009-06-04 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2009-06-04 12:15 . 2009-06-04 12:15 -------- d-----w- c:\program files\MSXML 6.0
2009-06-04 12:15 . 2009-06-04 12:15 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
2009-06-04 12:15 . 2009-06-04 12:15 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
2009-06-04 12:15 . 2009-06-04 12:15 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
2009-06-04 12:13 . 2009-06-04 12:15 24433136 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_ar[1].exe
2009-06-04 11:19 . 2009-06-02 11:42 -------- d-----w- c:\program files\Cain
2009-06-01 13:09 . 2009-06-01 05:47 -------- d-----w- c:\program files\BitComet
2009-06-01 09:33 . 2009-06-01 09:33 451072 ----a-w- c:\windows\uninstall.exe
2009-06-01 06:08 . 2009-06-01 05:53 -------- d-----w- c:\program files\CometBird
2009-06-01 05:53 . 2009-06-01 05:53 -------- d-----w- c:\documents and settings\user\Application Data\CometNetwork
2009-05-31 04:44 . 2009-05-02 17:17 -------- d-----w- c:\program files\Ela-Salaty
2009-05-30 12:34 . 2009-05-30 12:34 -------- d-----w- c:\program files\Common Files\Java
2009-05-28 12:34 . 2009-05-24 08:24 -------- d-----w- c:\program files\NSS
2009-05-24 22:18 . 2009-05-24 22:18 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-05-24 22:18 . 2009-05-24 22:18 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-24 11:22 . 2009-05-24 11:22 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-24 11:22 . 2009-05-24 11:22 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-24 11:22 . 2009-05-24 11:22 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-24 10:34 . 2009-05-24 11:22 34649904 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_ara_web.exe
2009-05-23 00:54 . 2009-05-18 02:55 -------- d-----w- c:\program files\ma-config.com
2009-05-23 00:54 . 2009-05-18 02:55 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-05-22 10:25 . 2009-04-12 03:09 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-22 10:25 . 2009-04-12 03:09 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-22 08:26 . 2009-05-18 13:02 -------- d-----w- c:\program files\Amgad Soft
2009-05-19 10:02 . 2009-05-19 10:02 2678 ----a-w- c:\windows\java\Packages\Data\K2UAS03Z.DAT
2009-05-19 10:02 . 2009-05-19 10:02 2678 ----a-w- c:\windows\java\Packages\Data\3VN9RDF9.DAT
2009-05-19 10:02 . 2009-05-19 10:02 2678 ----a-w- c:\windows\java\Packages\Data\4S29R73X.DAT
2009-05-19 10:02 . 2009-05-19 10:02 2678 ----a-w- c:\windows\java\Packages\Data\063PVXVV.DAT
2009-05-19 10:02 . 2009-05-19 10:02 2678 ----a-w- c:\windows\java\Packages\Data\AWT3R3FP.DAT
2009-05-19 09:50 . 2009-05-19 09:50 -------- d-----w- c:\program files\MSXML 4.0
2009-05-18 14:05 . 2009-05-18 14:05 -------- d-----w- c:\documents and settings\user\Application Data\Lavasoft
2009-05-18 14:00 . 2009-05-18 14:00 -------- d-----w- c:\documents and settings\user\Application Data\GlarySoft
2009-05-18 13:53 . 2009-05-18 13:53 7680 ----a-w- c:\documents and settings\user\Application Data\Thinstall\1 Click PC Fix v3.5\10000007900002i\regedit.exe
2009-05-18 13:43 . 2009-05-03 10:52 -------- d-----w- c:\documents and settings\user\Application Data\Thinstall
2009-05-18 10:06 . 2009-05-18 10:06 -------- d-----w- c:\program files\Teorex
2009-05-18 08:59 . 2009-05-17 05:02 -------- d-----w- c:\program files\Bit Che
2009-05-18 02:22 . 2009-05-18 02:22 -------- d-----w- c:\program files\Mobily.ws
2009-05-16 12:51 . 2009-03-12 09:28 -------- d-----w- c:\program files\Microsoft Works
2009-05-15 10:43 . 2009-05-15 10:43 203776 ----a-w- c:\windows\system32\clrviddc.dll
2009-05-15 10:30 . 2009-05-15 10:30 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2009-05-15 10:17 . 2009-05-15 10:14 -------- d-----w- c:\program files\CPU Speed Pro
2009-05-15 09:13 . 2009-05-15 09:13 -------- d-----w- c:\program files\Synaptics
2009-05-14 13:37 . 2009-05-14 13:18 -------- d-----w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
2009-05-14 13:37 . 2009-05-14 13:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-14 13:18 . 2009-05-14 13:18 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-11 09:47 . 2009-05-11 09:47 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
2009-05-09 00:03 . 2009-05-08 21:07 93 --s---w- c:\windows\system32\3429066390.dat
2009-05-03 22:51 . 2009-05-03 22:51 0 ------w- c:\windows\nsreg.dat
2009-05-03 10:52 . 2009-05-03 10:52 7680 ------w- c:\documents and settings\user\Application Data\Thinstall\Driver Genius Professional Edition\4000005100002i\Liveupdate.exe
.
------- Sigcheck -------
[-] 2004-08-03 21:56 973312 A10B8A9309FEE2BF9EE6538693844D77 c:\windows\explorer.exe
[-] 2008-04-14 15:59 1031168 CA3445DCE9EB70A2CA2504E0AF5C543F c:\windows\SoftwareDistribution\Download\b86141217825998609b93e71cc29eb6e\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot_2009-06-28_00.18.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-13 10:32 . 2009-07-13 10:32 16384 c:\windows\temp\Perflib_Perfdata_2ac.dat
- 2006-09-28 15:56 . 2006-09-15 20:30 55296 c:\windows\system32\WudfSvc.dll
+ 2006-09-28 15:56 . 2008-01-18 21:37 55296 c:\windows\system32\WudfSvc.dll
+ 2006-09-28 17:13 . 2008-01-18 21:37 87552 c:\windows\system32\WUDFCoinstaller.dll
+ 2009-04-17 10:07 . 2009-04-17 10:07 21832 c:\windows\system32\spool\drivers\w32x86\3\SNAGITD9.DLL
+ 2009-07-13 10:08 . 2006-10-26 08:48 27136 c:\windows\system32\ReinstallBackups\0004\DriverFiles\tapvpn.sys
+ 2001-09-19 12:00 . 2009-06-28 08:08 82854 c:\windows\system32\perfc009.dat
- 2009-05-24 11:23 . 2009-02-09 04:37 91136 c:\windows\system32\nmwcdcls.dll
+ 2009-05-24 11:23 . 2009-02-09 05:37 91136 c:\windows\system32\nmwcdcls.dll
+ 2009-04-25 03:55 . 2009-03-13 21:25 25088 c:\windows\system32\msxml3a.dll
+ 2009-07-01 18:12 . 2008-08-26 07:26 18816 c:\windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.sys
- 2009-05-24 11:24 . 2008-08-26 07:26 18816 c:\windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.sys
+ 2009-07-01 18:09 . 2009-02-09 05:37 22016 c:\windows\system32\DRVSTORE\ccdcmbo_34CB4225E6E4893AE1D3E4443E91C2B9703B729C\ccdcmbo.sys
+ 2009-07-01 18:09 . 2009-02-09 05:37 91136 c:\windows\system32\DRVSTORE\ccdcmb_34CB4225E6E4893AE1D3E4443E91C2B9703B729C\nmwcdcls.dll
+ 2009-07-01 18:09 . 2009-02-09 05:37 17664 c:\windows\system32\DRVSTORE\ccdcmb_34CB4225E6E4893AE1D3E4443E91C2B9703B729C\ccdcmb.sys
+ 2006-09-28 16:00 . 2008-01-18 19:53 83328 c:\windows\system32\drivers\WudfRd.sys
+ 2006-09-28 15:55 . 2008-01-18 19:52 77696 c:\windows\system32\drivers\WudfPf.sys
+ 2008-01-23 21:25 . 2006-10-26 08:48 27136 c:\windows\system32\drivers\tapvpn.sys
- 2008-01-23 21:25 . 2008-01-23 21:25 27136 c:\windows\system32\drivers\tapvpn.sys
+ 2009-07-10 23:32 . 2009-07-10 23:32 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-12 09:20 . 2009-05-08 23:13 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-12 09:20 . 2009-07-10 23:32 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-07-10 23:32 . 2009-07-10 23:32 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-03-12 09:20 . 2009-05-08 23:13 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-12 09:20 . 2009-07-10 23:32 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-07-01 18:10 . 2009-03-19 11:48 8320 c:\windows\system32\DRVSTORE\nmwcdnsuc_34CB4225E6E4893AE1D3E4443E91C2B9703B729C\nmwcdnsuc.sys
+ 2009-07-01 18:09 . 2009-02-09 05:37 7808 c:\windows\system32\DRVSTORE\ccdcmbm_34CB4225E6E4893AE1D3E4443E91C2B9703B729C\usbser_lowerflt.sys
+ 2009-07-01 18:09 . 2009-02-09 05:37 7808 c:\windows\system32\DRVSTORE\ccdcmbcj_34CB4225E6E4893AE1D3E4443E91C2B9703B729C\usbser_lowerfltj.sys
+ 2006-09-28 15:56 . 2008-01-18 21:37 305152 c:\windows\system32\WUDFx.dll
+ 2006-09-28 15:56 . 2008-01-18 19:52 163840 c:\windows\system32\WudfPlatform.dll
- 2006-09-28 15:56 . 2006-09-15 19:29 163840 c:\windows\system32\WudfPlatform.dll
+ 2006-09-28 15:56 . 2008-01-18 21:33 142336 c:\windows\system32\WudfHost.exe
+ 2009-07-01 18:47 . 2009-07-01 18:50 278860 c:\windows\system32\Restore\rstrlog.dat
+ 2001-09-19 12:00 . 2009-06-28 08:08 452658 c:\windows\system32\perfh009.dat
+ 2009-06-28 14:24 . 2009-06-28 14:23 148888 c:\windows\system32\javaws.exe
+ 2009-06-28 14:24 . 2009-06-28 14:23 144792 c:\windows\system32\javaw.exe
+ 2009-06-28 14:24 . 2009-06-28 14:23 144792 c:\windows\system32\java.exe
+ 2009-07-01 18:12 . 2009-05-11 10:30 547840 c:\windows\system32\DRVSTORE\pccswpddri_1C34ED6F4888FC93BE68C7A31A24834F522D3CBF\PCCSWpdDriver.dll
+ 2009-07-01 18:10 . 2009-03-19 11:48 136704 c:\windows\system32\DRVSTORE\nmwcdnsu_34CB4225E6E4893AE1D3E4443E91C2B9703B729C\nmwcdnsu.sys
+ 2009-07-01 18:09 . 2009-02-09 05:37 659968 c:\windows\system32\DRVSTORE\ccdcmb_34CB4225E6E4893AE1D3E4443E91C2B9703B729C\nmwcdcocls.dll
+ 2009-05-11 10:30 . 2009-05-11 10:30 547840 c:\windows\system32\drivers\UMDF\PCCSWpdDriver.dll
+ 2009-03-16 11:01 . 2009-06-11 13:02 452496 c:\windows\Downloaded Program Files\wlscBase.dll
+ 2009-07-01 18:12 . 2009-05-11 09:47 1302600 c:\windows\system32\DRVSTORE\pccswpddri_1C34ED6F4888FC93BE68C7A31A24834F522D3CBF\WUDFUpdate_01007.dll
+ 2009-07-01 18:09 . 2009-02-09 05:32 1112288 c:\windows\system32\DRVSTORE\ccdcmb_34CB4225E6E4893AE1D3E4443E91C2B9703B729C\wdfcoinstaller01007.dll
+ 2009-07-01 18:35 . 2009-07-01 18:35 1937408 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-10 10:45 . 2009-07-10 10:45 1431040 c:\windows\Installer\{B440D659-FECA-4BDD-A12B-5C9F05790FF3}\Icon0E6ED660.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-07-13 10:08 332776 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-02 24264488]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-07-11 2815408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-03-12 282624]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-04-12 206088]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-28 148888]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-23 198160]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-05-28 16132608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\user\قائمة ابدأ\البرامج\بدء التشغيل\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
Webshots.lnk - c:\program files\Webshots\WebshotsTray.exe [2009-3-12 196608]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]
c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows NT\\dialer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24053:TCP"= 24053:TCP:BitComet 24053 TCP
"24053:UDP"= 24053:UDP:BitComet 24053 UDP
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 م 33808]
R1 is-9DOU2drv;is-9DOU2drv;c:\windows\system32\drivers\47663032.sys [10/06/2009 02:37 ص 148496]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [12/07/2009 11:04 ص 33256]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 م 24592]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [19/12/2008 04:54 م 195752]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [24/05/2009 11:25 ص 32377]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-13 c:\windows\Tasks\User_Feed_Synchronization-{D69585EF-412D-4A67-8BF6-EE660CD313D8}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Settings,ProxyServer = 212.107.116.243:8080
uInternet Settings,ProxyOverride = 10.0.0.138
IE: &تصدير إلى Microsoft Excel
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager
IE: تحميل محتوى FLV بواسطة Internet Download Manager
IE: تحميل بواسطة Internet Download Manager
IE: تحميل محتوى FLV بواسطة Internet Download Manager
IE: تحميل الكل بواسطة Internet Download Manager
IE: تحميل بواسطة Internet Download Manager
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java -
FF - ProfilePath -
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("geo.wifi.uri", "
");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-07-13 13:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2480)
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll
c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ara.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\WudfHost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\TechSmith\Snagit 9\Snagit32.exe
c:\program files\WinZip\WZQKPICK.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\TechSmith\Snagit 9\TscHelp.exe
c:\program files\TechSmith\Snagit 9\SnagPriv.exe
c:\docume~1\user\LOCALS~1\temp\RtkBtMnt.exe
c:\program files\TechSmith\Snagit 9\SnagitEditor.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2009-07-13 13:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-13 10:37
ComboFix2.txt 2009-07-09 09:40
ComboFix3.txt 2009-07-01 19:29
ComboFix4.txt 2009-06-28 00:20
ComboFix5.txt 2009-07-13 10:27
Pre-Run: 15,504,871,424 bytes free
Post-Run: 15,766,851,584 bytes free
427 --- E O F --- 2009-05-20 07:01