ComboFix 09-07-26.03 - بشار 08/04/2009 18:27.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.2046.1378 [GMT 4.5:30]
Running from: f:\xp all\ASCII\لضبط\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Uninst.exe
c:\recycler\S-1-5-21-1060284298-1897051121-1547161642-1003
c:\recycler\S-1-5-21-1060284298-1897051121-1547161642-1003\desktop.ini
c:\recycler\S-1-5-21-1060284298-1897051121-1547161642-1003\INFO2
c:\windows.0\config.ini
c:\windows.0\system32\Cache
.
((((((((((((((((((((((((( Files Created from 2009-07-04 to 2009-08-04 )))))))))))))))))))))))))))))))
.
2009-08-04 13:47 . 2009-08-04 13:47 -------- d-----w- c:\program files\Error Repair Professional
2009-08-04 13:24 . 2009-08-04 13:24 -------- d-----w- c:\windows.0\LastGood
2009-08-04 12:53 . 2009-08-04 13:07 -------- d-----w- c:\program files\nLite
2009-08-04 12:51 . 2009-08-04 13:16 4815680 ----a-w- c:\documents and settings\بشار.ANASBARAKAT\Application Data\IDM\DwnlData\بشار\kis.en_silent_54\kis.en_silent.exe
2009-08-02 20:38 . 2009-08-04 11:37 -------- dc-h--w- c:\windows.0\ie8
2009-08-02 20:35 . 2009-08-02 20:35 -------- d-----w- c:\program files\ID Security Suite
2009-08-02 20:34 . 2009-08-02 20:34 -------- d-----w- c:\program files\Driver-Soft
2009-08-02 19:34 . 2009-08-02 19:34 -------- d-----w- C:\Temp
2009-08-02 18:18 . 2009-08-02 18:18 -------- d-----w- c:\program files\Trend Micro
2009-08-01 17:18 . 2009-08-01 17:18 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\سطح المكتب
2009-08-01 10:10 . 2009-08-01 10:10 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2009-07-31 20:09 . 2009-07-31 20:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\page
2009-07-31 19:49 . 2009-03-26 15:35 210352 ----a-w- c:\windows.0\system32\idmmbc.dll
2009-07-31 19:32 . 2009-07-31 19:32 139 ----a-w- c:\documents and settings\بشار.ANASBARAKAT\Local Settings\Application Data\fusioncache.dat
2009-07-31 19:32 . 2009-07-31 19:33 -------- d-----w- c:\documents and settings\بشار.ANASBARAKAT\Local Settings\Application Data\ApplicationHistory
2009-07-31 19:32 . 2009-07-31 19:32 -------- d-----w- c:\windows.0\IIS Temporary Compressed Files
2009-07-31 19:28 . 2009-07-31 19:28 -------- d-----w- c:\windows.0\system32\URTTEMP
2009-07-31 19:26 . 2008-04-15 21:00 43520 ------w- c:\windows.0\system32\admwprox.dll
2009-07-31 19:26 . 2008-04-15 21:00 8192 ------w- c:\windows.0\system32\staxmem.dll
2009-07-31 19:26 . 2008-04-15 21:00 22528 ----a-w- c:\windows.0\system32\lpdsvc.dll
2009-07-31 19:26 . 2008-04-15 21:00 18944 ----a-w- c:\windows.0\system32\lprmon.dll
2009-07-31 19:25 . 2009-08-02 20:26 -------- d-----w- C:\Inetpub
2009-07-31 19:25 . 2009-07-31 19:25 -------- d-----w- c:\windows.0\system32\Logfiles
2009-07-31 17:01 . 2009-07-31 17:35 2162119 ----a-w- c:\documents and settings\بشار.ANASBARAKAT\Application Data\IDM\DwnlData\بشار\Silverlight_46\Silverlight.exe
2009-07-31 13:51 . 2009-07-31 13:51 -------- d-----w- c:\program files\UselessCreations
2009-07-31 13:31 . 2009-07-31 13:31 0 ----a-w- c:\windows.0\nsreg.dat
2009-07-31 13:31 . 2009-07-31 13:31 -------- d-----w- c:\documents and settings\بشار.ANASBARAKAT\Local Settings\Application Data\Mozilla
2009-07-31 13:15 . 2009-07-31 13:15 -------- d-----w- c:\windows.0\system32\wbem\Repository
2009-07-31 13:11 . 2009-07-31 13:11 -------- d-----w- c:\documents and settings\بشار.ANASBARAKAT\Local Settings\Application Data\Help
2009-07-31 11:29 . 2009-07-31 11:29 4 ----a-w- c:\windows.0\RegDefrag.dat
2009-07-31 11:12 . 2009-07-31 13:15 -------- d-----w- c:\program files\Registry Compressor
2009-07-31 11:06 . 2009-07-31 13:15 -------- d-----w- c:\program files\Registry Fast
2009-07-31 10:45 . 2009-07-31 10:45 2288 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-31 10:45 . 2009-07-31 13:11 -------- d-----w- c:\windows.0\system32\XPSViewer
2009-07-31 10:45 . 2009-07-31 10:45 -------- d-----w- c:\program files\MSBuild
2009-07-31 10:45 . 2009-07-31 10:45 -------- d-----w- c:\program files\Reference Assemblies
2009-07-31 09:39 . 2009-07-31 09:39 -------- d-----w- c:\documents and settings\بشار.ANASBARAKAT\Application Data\Caphyon
2009-07-31 09:38 . 2009-07-31 09:38 -------- d-----w- c:\program files\Caphyon
2009-07-30 20:43 . 2006-08-24 13:15 150808 ----a-w- c:\windows.0\system32\rgb9rast_2.dll
2009-07-30 20:43 . 2008-07-06 12:06 575488 ------w- c:\windows.0\system32\xpsshhdr.dll
2009-07-30 20:43 . 2008-07-06 12:06 1676288 ------w- c:\windows.0\system32\xpssvcs.dll
2009-07-30 20:43 . 2008-07-06 12:06 117760 ------w- c:\windows.0\system32\prntvpt.dll
2009-07-30 20:14 . 2009-07-30 20:14 -------- d-----w- c:\documents and settings\بشار.ANASBARAKAT\Local Settings\Application Data\Yahoo
2009-07-30 20:12 . 2009-07-30 20:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Yahoo!
2009-07-30 20:12 . 2009-05-19 07:41 607472 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-07-30 20:12 . 2009-07-30 20:12 -------- d-----w- c:\program files\Yahoo!
2009-07-30 10:24 . 2009-07-30 10:24 -------- d-----w- c:\documents and settings\بشار.ANASBARAKAT\Application Data\TVU networks
2009-07-30 10:24 . 2009-07-30 10:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\TVU Networks
2009-07-30 10:24 . 2009-07-30 10:24 -------- d-----w- c:\documents and settings\بشار.ANASBARAKAT\LocalLow
2009-07-30 10:24 . 2009-07-30 10:24 -------- d-----w- c:\documents and settings\بشار.ANASBARAKAT\Local Settings\Application Data\TVU Networks
2009-07-30 09:26 . 2009-07-30 09:26 -------- d-----w- c:\program files\SoftLogica
2009-07-30 06:42 . 2009-07-30 06:43 -------- d-----w- c:\program files\SCC-TDS
2009-07-28 19:47 . 2009-07-31 20:16 -------- d-----w- c:\documents and settings\بشار.ANASBARAKAT\Application Data\Ashampoo
2009-07-28 19:47 . 2009-07-28 19:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\ashampoo
2009-07-28 19:47 . 2009-07-28 19:47 -------- d-----w- c:\documents and settings\بشار.ANASBARAKAT\Local Settings\Application Data\ashampoo
2009-07-28 19:47 . 2009-07-31 20:21 -------- d-----w- c:\program files\Ashampoo
2009-07-28 19:33 . 2009-07-28 19:33 -------- d-----w- c:\documents and settings\بشار.ANASBARAKAT\Application Data\Media Player Classic
2009-07-28 19:27 . 2009-07-28 19:27 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-07-28 19:27 . 2009-07-28 19:27 -------- d-----w- c:\program files\UltraISO
2009-07-28 15:11 . 2009-07-28 15:11 -------- d-----w- C:\TechSmith
2009-07-28 15:01 . 2001-08-17 10:59 3072 ----a-w- c:\windows.0\system32\drivers\audstub.sys
2009-07-28 15:01 . 2008-04-14 18:07 57472 ----a-w- c:\windows.0\system32\drivers\redbook.sys
2009-07-28 15:00 . 2008-04-14 13:59 73728 ----a-w- c:\windows.0\system32\usbui.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-04 13:58 . 2009-07-28 12:16 -------- d-----w- c:\documents and settings\بشار.ANASBARAKAT\Application Data\DMCache
2009-08-04 13:25 . 2008-04-15 21:00 91596 ----a-w- c:\windows.0\system32\perfc001.dat
2009-08-04 13:25 . 2008-04-15 21:00 425090 ----a-w- c:\windows.0\system32\perfh001.dat
2009-08-04 13:21 . 2009-07-28 14:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Kaspersky Lab
2009-08-04 13:21 . 2009-07-25 18:23 -------- d-----w- c:\program files\WinPoET Broadband Connection
2009-08-04 13:21 . 2009-07-28 14:48 16608 ----a-w- c:\windows.0\gdrv.sys
2009-07-31 18:36 . 2009-07-28 12:16 -------- d-----w- c:\documents and settings\بشار.ANASBARAKAT\Application Data\IDM
2009-07-31 13:04 . 2009-07-28 12:15 11936 ----a-w- c:\documents and settings\بشار.ANASBARAKAT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-31 10:08 . 2009-07-25 17:12 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-30 06:43 . 2009-07-25 18:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-28 14:57 . 2009-07-28 14:57 296976 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\sys\i386\5.1\klif.sys
2009-07-28 14:57 . 2009-07-28 14:57 128016 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys
2009-07-28 14:57 . 2009-05-24 11:00 128016 ----a-w- c:\windows.0\system32\drivers\kl1.sys
2009-07-28 14:57 . 2009-07-28 14:57 296976 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\5.1\klif.sys
2009-07-28 14:57 . 2009-07-28 14:57 128016 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys
2009-07-28 14:55 . 2009-07-28 14:55 604140 --sha-w- c:\windows.0\system32\drivers\ISwift3.dat
2009-07-28 14:53 . 2009-07-28 14:53 94643 ----a-w- c:\windows.0\system32\drivers\klick.dat
2009-07-28 14:53 . 2009-07-28 14:53 105395 ----a-w- c:\windows.0\system32\drivers\klin.dat
2009-07-28 14:48 . 2009-07-28 14:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Kaspersky Lab Setup Files
2009-07-28 14:43 . 2009-07-28 14:43 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-28 14:43 . 2009-07-25 17:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-28 14:40 . 2009-07-25 17:37 -------- d-----w- c:\program files\Vtune
2009-07-28 14:13 . 2008-04-15 21:00 218624 ----a-w- c:\windows.0\system32\uxtheme.dll
2009-07-28 14:11 . 2009-07-28 14:11 -------- d-----w- c:\documents and settings\بشار.ANASBARAKAT\Application Data\InstallShield
2009-07-28 14:10 . 2009-07-28 09:44 -------- d-----w- c:\program files\Smart Install Maker
2009-07-28 14:09 . 2009-07-28 14:09 198064 ----a-w- c:\documents and settings\بشار.ANASBARAKAT\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-07-28 14:00 . 2009-07-28 13:52 -------- d-----w- c:\documents and settings\بشار.ANASBARAKAT\Application Data\ShoppingReport
2009-07-28 13:40 . 2009-07-28 13:40 315392 ----a-w- c:\windows.0\HideWin.exe
2009-07-28 13:37 . 2009-07-25 19:15 -------- d-----w- c:\program files\Browser Configuration Utility
2009-07-28 12:39 . 2009-07-28 12:39 552 ----a-w- c:\windows.0\system32\d3d8caps.dat
2009-07-28 12:10 . 2009-07-28 12:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\TechSmith
2009-07-28 12:10 . 2009-07-28 12:10 410984 ----a-w- c:\windows.0\system32\deploytk.dll
2009-07-28 12:08 . 2009-07-25 17:17 6778 ----a-w- c:\program files\un_Internet Download Manager_16575.txt
2009-07-28 12:08 . 2009-07-25 17:17 -------- d-----w- c:\program files\Internet Download Manager
2009-07-28 12:08 . 2009-07-25 17:17 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-28 12:06 . 2009-07-28 12:06 86339 ----a-w- c:\windows.0\pchealth\helpctr\OfflineCache\index.dat
2009-07-28 12:04 . 2009-07-28 12:04 22144 ----a-w- c:\windows.0\system32\emptyregdb.dat
2009-07-28 09:21 . 2009-07-25 17:53 -------- d-----w- c:\documents and settings\بشار\Application Data\DMCache
2009-07-27 10:23 . 2009-07-27 10:23 -------- d-----w- c:\program files\System
2009-07-25 19:22 . 2009-07-25 19:19 -------- d-----w- c:\program files\Realtek
2009-07-25 19:16 . 2009-07-25 19:16 -------- d-----w- c:\program files\Intel
2009-07-25 19:15 . 2009-07-25 17:33 -------- d-----w- c:\program files\GIGABYTE
2009-07-25 19:15 . 2009-07-25 18:21 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-25 18:21 . 2009-07-25 18:21 -------- d-----w- c:\program files\ANI
2009-07-25 18:21 . 2009-07-25 18:21 -------- d-----w- c:\program files\D-Link
2009-07-25 18:20 . 2009-07-25 18:20 -------- d-----w- c:\documents and settings\بشار\Application Data\InstallShield
2009-07-25 17:58 . 2009-07-25 17:58 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-25 17:54 . 2009-07-25 17:53 -------- d-----w- c:\documents and settings\بشار\Application Data\IDM
2009-07-25 17:53 . 2009-07-25 17:53 198064 ----a-w- c:\documents and settings\بشار\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-07-25 17:52 . 2009-07-25 17:52 11744 ----a-w- c:\documents and settings\بشار\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-25 17:20 . 2009-07-25 17:20 -------- d-----w- c:\program files\microsoft frontpage
2009-07-25 17:19 . 2009-07-25 17:19 -------- d-----w- c:\program files\TechSmith
2009-07-25 17:19 . 2009-07-25 17:19 -------- d-----w- c:\program files\Java
2009-07-25 17:17 . 2009-07-25 17:17 -------- d-----w- c:\program files\CCleaner
2009-07-25 17:16 . 2009-07-25 17:16 -------- d-----w- c:\program files\MSXML 4.0
2009-06-16 14:36 . 2008-04-15 21:00 81920 ----a-w- c:\windows.0\system32\fontsub.dll
2009-06-16 14:36 . 2008-04-15 21:00 119808 ----a-w- c:\windows.0\system32\t2embed.dll
2009-06-06 23:12 . 2009-06-06 23:12 1571328 ----a-w- c:\windows.0\system32\sfcfiles.dll
2009-06-05 22:20 . 2009-07-28 12:15 3597445 ----a-w- c:\documents and settings\بشار.ANASBARAKAT\Internet Download Manager.exe
2009-06-05 22:20 . 2009-07-28 12:12 3597445 ----a-w- c:\windows.0\system32\config\systemprofile\Internet Download Manager.exe
2009-06-05 22:20 . 2009-07-25 17:51 3597445 ----a-w- c:\documents and settings\بشار\Internet Download Manager.exe
2009-06-05 22:20 . 2009-06-05 22:20 3597445 ----a-w- c:\documents and settings\Default User\Internet Download Manager.exe
2009-06-05 22:20 . 2009-06-05 22:20 3597445 ----a-w- c:\documents and settings\Default User.WINDOWS.0\Internet Download Manager.exe
2009-06-04 16:00 . 2009-06-04 16:00 59992 ----a-w- c:\documents and settings\All Users.WINDOWS.0\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.459\English\setup.exe
2009-06-03 19:11 . 2009-05-31 06:16 1289216 ----a-w- c:\windows.0\system32\quartz.dll
2009-05-31 06:46 . 2001-09-18 11:06 77891 ----a-w- c:\windows.0\system32\usrmlnka.exe
2009-05-31 06:17 . 2009-05-31 06:17 938496 ----a-w- c:\windows.0\system32\wmnetmgr.dll
2009-05-31 06:17 . 2009-05-31 06:17 100864 ----a-w- c:\windows.0\system32\logagent.exe
2009-05-31 06:16 . 2009-05-31 06:16 354304 ----a-w- c:\windows.0\system32\winhttp.dll
2009-05-31 06:16 . 2009-05-31 06:16 144896 ----a-w- c:\windows.0\system32\schannel.dll
2009-05-31 06:16 . 2009-05-31 06:16 56832 ----a-w- c:\windows.0\system32\secur32.dll
2009-05-31 06:15 . 2009-05-31 06:15 1847424 ----a-w- c:\windows.0\system32\win32k.sys
2009-05-31 06:15 . 2009-05-31 06:15 333952 ----a-w- c:\windows.0\system32\drivers\srv.sys
2009-05-31 06:15 . 2009-05-31 06:15 455936 ----a-w- c:\windows.0\system32\drivers\mrxsmb.sys
2009-05-31 06:15 . 2009-05-31 06:15 138496 ----a-w- c:\windows.0\system32\drivers\afd.sys
2009-05-31 06:15 . 2009-05-31 06:15 286720 ----a-w- c:\windows.0\system32\gdi32.dll
2009-05-31 06:15 . 2009-07-28 12:03 227840 ----a-w- c:\windows.0\system32\wbem\wmiprvse.exe
2009-05-31 06:15 . 2009-07-28 12:03 453120 ----a-w- c:\windows.0\system32\wbem\wmiprvsd.dll
2009-05-31 06:15 . 2009-05-31 06:15 35328 ----a-w- c:\windows.0\system32\sc.exe
2009-05-31 06:15 . 2009-05-31 06:15 110592 ----a-w- c:\windows.0\system32\services.exe
2009-05-31 06:15 . 2009-05-31 06:15 401408 ----a-w- c:\windows.0\system32\rpcss.dll
2009-05-31 06:15 . 2009-05-31 06:15 283136 ----a-w- c:\windows.0\system32\pdh.dll
2009-05-31 06:15 . 2009-05-31 06:15 2308096 ----a-w- c:\windows.0\system32\ntoskrnl.exe
2009-05-31 06:14 . 2009-05-31 06:14 723456 ----a-w- c:\windows.0\system32\lsasrv.dll
2009-05-31 06:14 . 2009-07-28 12:02 473600 ----a-w- c:\windows.0\system32\wbem\fastprox.dll
2009-05-31 06:14 . 2009-05-31 06:14 681472 ----a-w- c:\windows.0\system32\advapi32.dll
2009-05-31 06:14 . 2009-05-31 06:14 1106944 ----a-w- c:\windows.0\system32\msxml3.dll
2009-05-31 06:14 . 2009-05-31 06:14 247326 ----a-w- c:\windows.0\system32\strmdll.dll
2009-05-31 06:14 . 2009-05-31 06:14 1379840 ----a-w- c:\windows.0\system32\msxml6.dll
2009-05-31 06:14 . 2009-05-31 06:14 104960 ----a-w- c:\windows.0\system32\win32spl.dll
2009-05-31 06:14 . 2009-05-31 06:14 74752 ----a-w- c:\windows.0\system32\msw3prt.dll
2009-05-31 06:14 . 2009-05-31 06:14 74240 ----a-w- c:\windows.0\system32\mscms.dll
2009-05-31 06:13 . 2009-07-28 12:03 91648 ----a-w- c:\windows.0\system32\mtxoci.dll
2009-05-31 06:13 . 2009-07-28 12:03 161792 ----a-w- c:\windows.0\system32\msdtcuiu.dll
2009-05-31 06:13 . 2009-05-31 06:13 66560 ----a-w- c:\windows.0\system32\mtxclu.dll
2009-05-31 06:13 . 2009-07-28 12:03 956928 ----a-w- c:\windows.0\system32\msdtctm.dll
2009-05-31 06:13 . 2009-07-28 12:03 428032 ----a-w- c:\windows.0\system32\msdtcprx.dll
2009-05-31 06:13 . 2009-07-28 12:03 58880 ----a-w- c:\windows.0\system32\msdtclog.dll
2009-05-31 06:13 . 2009-05-31 06:13 225856 ----a-w- c:\windows.0\system32\drivers\tcpip6.sys
2009-05-31 06:13 . 2009-05-31 06:13 361600 ----a-w- c:\windows.0\system32\drivers\tcpip.sys
2009-04-24 04:52 . 2009-07-25 17:20 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
------- Sigcheck -------
[7] 2009-05-31 06:52 2025472 76BB96905C088A4DC1E760BE57769E65 c:\windows.0\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2009-05-31 06:52 2186752 6F0647386A30A1B5B17998074ACD1ADC c:\windows.0\system32\ntkrnlpa.exe
[7] 2009-05-31 06:15 2146816 2981A8D3F73DF0120A027FC42ED5A151 c:\windows.0\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2009-05-31 06:15 2308096 4D0A8B021F7B0483D20A00BDD7C0F1ED c:\windows.0\system32\ntoskrnl.exe
[-] 2008-04-15 21:00 1539584 986700AA8F81CE652AD770B87402262F c:\windows.0\explorer.exe
[7] 2008-04-15 21:00 1031168 CA3445DCE9EB70A2CA2504E0AF5C543F c:\windows.0\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2009-06-06 23:12 1571328 46044F23D214FBB2939C9B4CC5AF62EE c:\windows.0\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows.0\system32\ctfmon.exe" [2008-04-15 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2008-12-03 2158592]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-19 5063920]
"ErrorRepairPro"="c:\program files\Error Repair Professional\autostart.exe" [2008-02-17 497664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-28 148888]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Wireless 108G DWA-520"="c:\program files\D-Link\D-Link Wireless 108G DWA-520\AirPlusCFG.exe" [2007-05-04 1662976]
"NvCplDaemon"="c:\windows.0\system32\NvCpl.dll" [2008-12-03 13672448]
"NvMediaCenter"="c:\windows.0\system32\NvMcTray.dll" [2008-12-03 86016]
"nwiz"="nwiz.exe" - c:\windows.0\system32\nwiz.exe [2008-12-03 1630208]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows.0\RTHDCPL.exe [2008-02-13 16857600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows.0\system32\CTFMON.EXE" [2008-04-15 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" - c:\windows.0\system32\advpack.dll [2008-08-21 128512]
c:\documents and settings\All Users.WINDOWS.0\قائمة ابدأ\البرامج\بدء التشغيل\
Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2009-4-17 7226184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows.0\system32\drivers\klbg.sys [15/12/2008 08:41 م 33808]
R0 ulsata2;ulsata2;c:\windows.0\system32\drivers\ulsata2.sys [18/09/2008 07:12 ص 124928]
R2 ES lite Service;ES lite Service for program management.;c:\program files\GIGABYTE\EasySaver\essvr.exe [25/07/2009 11:45 م 80392]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows.0\system32\drivers\A3AB.sys [25/07/2009 10:51 م 472832]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows.0\system32\drivers\klim5.sys [13/05/2009 05:46 م 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows.0\system32\drivers\klmouflt.sys [16/05/2009 08:59 م 19472]
S3 WrKPoET2000;WrKPoET2000;c:\program files\WinPoET Broadband Connection\WrKPoET2000.sys [25/07/2009 10:53 م 52354]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
.
------- Supplementary Scan -------
.
IE: أضافة إلى مانع الأعلانات - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\windows.0\system32\idmmbc.dll
TCP: {F1F62DE6-5863-42CA-8E28-FAD49FFDFE4D} = 77.237.42.205 77.237.63.201
FF - ProfilePath - c:\documents and settings\بشار.ANASBARAKAT\Application Data\Mozilla\Firefox\Profiles\zaebzcmb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\بشار.ANASBARAKAT\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.
**************************************************************************
driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-08-04 18:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(852)
c:\windows.0\system32\SETUPAPI.dll
- - - - - - - > 'lsass.exe'(916)
c:\windows.0\system32\setupapi.dll
c:\windows.0\system32\idmmbc.dll
.
Completion time: 2009-08-04 18:29
ComboFix-quarantined-files.txt 2009-08-04 13:59
Pre-Run: 17,532,628,992 bytes free
Post-Run: 17,515,229,184 bytes free
287 --- E O F --- 2009-08-04 11:43