السومري

Peace be upon you, brothers.

I have a problem: when I press Ctrl+Alt+Delete, this image appears.

My internet connection also keeps dropping.

I use an Omnnea (امنيه) modem for the internet.

And this is the ComboFix report:



ComboFix 09-05-22.05 - ابواب لل 07/31/2009 14:20.9 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.964.1033.18.503.194 [GMT 4:00]
Running from: f:\new defence\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ابوابل~1\LOCALS~1\Temp\.com
c:\documents and settings\ابواب لل\Local Settings\Temp\.com
c:\program files\alexa toolbar
c:\program files\alexa toolbar\uninstall.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
.

2009-07-31 08:16 . 2009-07-31 08:17 -------- d-----w c:\program files\ZTE Wireless Terminal
2009-07-25 07:03 . 2009-07-25 07:03 -------- d-----w c:\windows\system32\dllcache\cache
2009-07-23 19:36 . 2009-07-23 19:37 116144 ----a-w c:\documents and settings\ابواب للحا\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
2009-07-23 19:36 . 2009-07-23 19:36 -------- d-----w c:\documents and settings\ابواب للحا\Application Data\IDM
2009-07-23 19:36 . 2009-07-23 19:36 -------- d-----w c:\documents and settings\ابواب للحا\Application Data\DMCache
2009-07-23 19:36 . 2009-07-23 19:36 -------- d-----w c:\program files\Internet Download Manager
2009-07-20 22:21 . 2009-07-20 22:59 2452 ----a-w c:\windows\system32\Kadmiwe.dll
2009-07-12 06:19 . 2009-07-12 06:19 -------- d-----w c:\documents and settings\ابواب للحا\Local Settings\Application Data\WMTools Downloaded Files
2009-07-10 16:59 . 2009-07-10 16:59 -------- d-----w C:\!KillBox
2009-07-09 18:17 . 2009-07-09 18:17 -------- d-----w c:\documents and settings\ابواب للحا\Local Settings\Application Data\Identities
2009-07-09 16:47 . 2009-07-10 06:29 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-07-09 16:47 . 2009-07-10 06:29 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-07-09 10:19 . 2009-07-09 10:19 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-31 10:21 . 2009-06-03 13:08 12 ----a-w c:\windows\bthservsdp.dat
2009-07-10 06:29 . 2009-07-09 16:47 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-07-10 06:29 . 2009-07-09 16:47 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-07-08 10:19 . 2009-06-22 22:14 75976 ----a-w c:\documents and settings\ابواب للحا\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-25 06:04 . 2009-06-25 06:04 626688 ----a-w c:\windows\system32\msvcr80.dll
2009-06-25 06:04 . 2009-06-25 06:04 548864 ----a-w c:\windows\system32\msvcp80.dll
2009-06-25 06:04 . 2009-06-25 06:04 28672 ----a-w c:\windows\system32\eEmpty.exe
2009-06-25 06:04 . 2009-06-25 06:03 -------- d-----w c:\program files\Common Files\MicroWorld
2009-06-25 06:03 . 2009-06-25 06:03 -------- d-----w c:\documents and settings\All Users\Application Data\MicroWorld
2009-06-24 08:02 . 2009-06-24 08:02 -------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2009-06-24 08:02 . 2009-06-24 08:02 -------- d-----w c:\program files\TechSmith
2009-06-20 00:05 . 2009-06-20 00:05 2678 ----a-w c:\windows\java\Packages\Data\VLBRV5JZ.DAT
2009-06-20 00:05 . 2009-06-20 00:05 2678 ----a-w c:\windows\java\Packages\Data\7VFTBVJP.DAT
2009-06-20 00:05 . 2009-06-20 00:05 2678 ----a-w c:\windows\java\Packages\Data\PZN937LF.DAT
2009-06-20 00:05 . 2009-06-20 00:05 2678 ----a-w c:\windows\java\Packages\Data\BVRV9FD3.DAT
2009-06-20 00:05 . 2009-06-20 00:05 2678 ----a-w c:\windows\java\Packages\Data\6L317ZBD.DAT
2009-06-19 16:08 . 2009-06-19 16:08 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-06-19 16:08 . 2009-06-19 16:08 -------- d-----w c:\documents and settings\ابواب للحا\Application Data\skypePM
2009-06-19 16:06 . 2009-06-19 16:06 -------- d-----w c:\documents and settings\ابواب للحا\Application Data\Skype
2009-06-19 16:06 . 2009-06-19 16:06 -------- d-----w c:\program files\Skype
2009-06-19 16:06 . 2009-06-19 16:06 -------- d-----w c:\program files\Common Files\Skype
2009-06-19 16:05 . 2009-06-19 16:05 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-06-09 23:41 . 2009-06-09 23:41 -------- d-----w c:\program files\Windows Live
2009-06-03 14:40 . 2009-06-03 14:40 -------- d-----w c:\program files\SWiSHmax
2009-05-23 11:25 . 2009-05-23 11:25 206479 ----a-w c:\windows\system32\Kadmiwe.com
2009-05-19 03:18 . 2009-05-19 03:18 87328 ----a-w c:\windows\system32\bcmwlcoi.dll
2009-05-19 03:18 . 2009-05-19 03:18 1123328 ----a-w c:\windows\system32\drivers\BCMWL5.SYS
2009-05-19 02:59 . 2009-05-18 19:46 21640 ----a-w c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((( SnapShot_2009-06-24_08.19.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-31 10:22 . 2009-07-31 10:22 16384 c:\windows\temp\Perflib_Perfdata_740.dat
+ 2009-07-19 17:46 . 2008-03-10 12:11 99328 c:\windows\system32\ReinstallBackups\0008\DriverFiles\zteusbser.sys
+ 2009-05-01 09:38 . 2008-03-10 12:11 99328 c:\windows\system32\ReinstallBackups\0007\DriverFiles\zteusbser.sys
+ 2009-04-26 17:48 . 2008-03-10 12:11 99328 c:\windows\system32\ReinstallBackups\0006\DriverFiles\zteusbser.sys
- 2009-06-14 18:16 . 2008-03-10 12:11 99328 c:\windows\system32\ReinstallBackups\0006\DriverFiles\zteusbser.sys
- 2009-06-23 15:16 . 2008-03-10 12:11 99328 c:\windows\system32\ReinstallBackups\0005\DriverFiles\zteusbser.sys
+ 2009-07-16 06:52 . 2008-03-10 12:11 99328 c:\windows\system32\ReinstallBackups\0005\DriverFiles\zteusbser.sys
+ 2009-07-25 17:44 . 2008-03-10 12:11 99328 c:\windows\system32\ReinstallBackups\0003\DriverFiles\zteusbser.sys
- 2009-06-20 18:43 . 2008-03-10 12:11 99328 c:\windows\system32\ReinstallBackups\0003\DriverFiles\zteusbser.sys
- 2004-05-23 08:00 . 2009-06-24 08:01 52536 c:\windows\system32\perfc009.dat
+ 2004-05-23 08:00 . 2009-07-31 08:28 52536 c:\windows\system32\perfc009.dat
+ 2009-04-29 09:58 . 2006-04-07 23:13 90112 c:\windows\system32\dpl100.dll
- 2009-06-12 06:30 . 2006-04-07 23:13 90112 c:\windows\system32\dpl100.dll
+ 2009-07-25 07:03 . 2004-05-23 08:00 82944 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-07-25 07:03 . 2004-05-23 08:00 24576 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-07-25 07:03 . 2004-05-23 08:00 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-07-25 07:03 . 2004-05-23 08:00 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-07-25 07:03 . 2004-05-23 08:00 89088 c:\windows\system32\dllcache\cache\rasauto.dll
+ 2009-07-25 07:03 . 2004-05-23 08:00 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-07-25 07:03 . 2004-05-23 08:00 33792 c:\windows\system32\dllcache\cache\msgsvc.dll
+ 2009-07-25 07:03 . 2004-05-23 08:00 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-07-25 07:03 . 2004-05-23 08:00 22016 c:\windows\system32\dllcache\cache\lpk.dll
+ 2009-07-25 07:03 . 2004-05-23 08:00 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-07-25 07:03 . 2004-05-23 08:00 29056 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-07-25 07:03 . 2004-05-23 08:00 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-07-25 07:03 . 2004-05-23 08:00 11648 c:\windows\system32\dllcache\cache\acpiec.sys
+ 2009-02-01 16:37 . 2009-02-01 16:37 86327 c:\windows\pchealth\helpctr\OfflineCache\index.dat
- 2009-05-18 19:50 . 2009-05-20 14:08 86327 c:\windows\pchealth\helpctr\OfflineCache\index.dat
+ 2009-04-29 09:58 . 1998-05-12 16:36 5632 c:\windows\system32\pndx5032.dll
- 2009-06-12 06:30 . 1998-05-12 16:36 5632 c:\windows\system32\pndx5032.dll
+ 2009-04-29 09:58 . 1998-03-26 00:57 6656 c:\windows\system32\pndx5016.dll
- 2009-06-12 06:30 . 1998-03-26 00:57 6656 c:\windows\system32\pndx5016.dll
- 2009-06-12 06:30 . 2006-07-05 16:02 5120 c:\windows\system32\ff_vfw.dll
+ 2009-04-29 09:58 . 2006-07-05 16:02 5120 c:\windows\system32\ff_vfw.dll
+ 2009-07-25 07:03 . 2004-05-23 08:00 5120 c:\windows\system32\dllcache\cache\sfc.dll
+ 2009-07-25 07:03 . 2004-05-23 08:00 2944 c:\windows\system32\dllcache\cache\null.sys
+ 2009-07-25 07:03 . 2004-05-23 08:00 4224 c:\windows\system32\dllcache\cache\beep.sys
+ 2009-02-01 16:37 . 2009-02-01 16:37 1880 c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2009-02-01 16:37 . 2009-02-01 16:37 8316 c:\windows\pchealth\helpctr\Config\Cntstore.bin
+ 2009-04-29 09:58 . 2006-02-27 11:30 217088 c:\windows\system32\xvidvfw.dll
- 2009-06-12 06:30 . 2006-02-27 11:30 217088 c:\windows\system32\xvidvfw.dll
+ 2009-04-29 09:58 . 2006-04-20 12:00 856064 c:\windows\system32\xvidcore.dll
- 2009-06-12 06:30 . 2006-04-20 12:00 856064 c:\windows\system32\xvidcore.dll
+ 2009-04-29 09:58 . 2006-08-04 12:25 592402 c:\windows\system32\x264vfw.dll
- 2009-06-12 06:30 . 2006-08-04 12:25 592402 c:\windows\system32\x264vfw.dll
+ 2009-06-25 06:04 . 2004-05-23 08:00 135680 c:\windows\system32\T.COM
- 2009-06-12 06:30 . 2006-06-21 08:42 200704 c:\windows\system32\ssldivx.dll
+ 2009-04-29 09:58 . 2006-06-21 08:42 200704 c:\windows\system32\ssldivx.dll
+ 2009-04-29 09:58 . 2006-01-27 22:55 176167 c:\windows\system32\rmoc3260.dll
- 2009-06-12 06:30 . 2006-01-27 22:55 176167 c:\windows\system32\rmoc3260.dll
- 2009-06-12 06:30 . 2001-06-22 21:31 278528 c:\windows\system32\pncrt.dll
+ 2009-04-29 09:58 . 2001-06-22 21:31 278528 c:\windows\system32\pncrt.dll
- 2004-05-23 08:00 . 2009-06-24 08:01 354318 c:\windows\system32\perfh009.dat
+ 2004-05-23 08:00 . 2009-07-31 08:28 354318 c:\windows\system32\perfh009.dat
+ 2009-05-19 03:17 . 2007-08-24 07:01 307200 c:\windows\system32\igfxtray.exe
+ 2007-10-10 15:05 . 2007-07-23 08:39 202160 c:\windows\system32\idmmbc.dll
+ 2009-05-19 03:17 . 2007-08-24 07:01 335872 c:\windows\system32\hkcmd.exe
+ 2009-05-18 19:33 . 2009-07-31 10:22 288496 c:\windows\system32\FNTCACHE.DAT
+ 2009-04-29 09:58 . 2006-05-24 20:46 200704 c:\windows\system32\dtu100.dll
- 2009-06-12 06:30 . 2006-05-24 20:46 200704 c:\windows\system32\dtu100.dll
+ 2009-07-25 07:03 . 2004-05-23 12:00 111104 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-07-25 07:03 . 2004-05-23 08:00 502272 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-07-25 07:03 . 2004-05-23 08:00 656384 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-07-25 07:03 . 2004-05-23 08:00 577024 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-07-25 07:03 . 2004-05-23 12:00 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-07-25 07:03 . 2004-05-23 08:00 359040 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-07-25 07:03 . 2004-05-23 12:00 170496 c:\windows\system32\dllcache\cache\srsvc.dll
+ 2009-07-25 07:03 . 2004-05-23 08:00 108032 c:\windows\system32\dllcache\cache\services.exe
+ 2009-07-25 07:03 . 2004-05-23 08:00 395776 c:\windows\system32\dllcache\cache\rpcss.dll
+ 2009-07-25 07:03 . 2004-05-23 08:00 435200 c:\windows\system32\dllcache\cache\ntmssvc.dll
+ 2009-07-25 07:03 . 2004-05-23 08:00 407040 c:\windows\system32\dllcache\cache\netlogon.dll
+ 2009-07-25 07:03 . 2004-05-23 08:00 182912 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-07-25 07:03 . 2004-05-23 08:00 924432 c:\windows\system32\dllcache\cache\mfc40u.dll
+ 2009-07-25 07:03 . 2004-05-23 08:00 983552 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-07-25 07:03 . 2004-05-23 08:00 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-07-25 07:03 . 2004-05-23 08:00 792064 c:\windows\system32\dllcache\cache\comres.dll
+ 2009-07-25 07:03 . 2004-05-23 08:00 611328 c:\windows\system32\dllcache\cache\comctl32.dll
+ 2009-07-25 07:03 . 2004-05-23 08:00 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-07-25 07:03 . 2004-08-03 18:39 142464 c:\windows\system32\dllcache\cache\aec.sys
- 2009-06-12 06:30 . 2006-07-03 19:40 620180 c:\windows\system32\divx.dll
+ 2009-04-29 09:58 . 2006-07-03 19:40 620180 c:\windows\system32\divx.dll
+ 2009-06-25 06:04 . 2004-05-23 08:00 146432 c:\windows\R.COM
+ 2009-04-29 09:58 . 2003-06-22 22:44 1415680 c:\windows\system32\WMV9VCM.dll
- 2009-06-12 06:30 . 2003-06-22 22:44 1415680 c:\windows\system32\WMV9VCM.dll
- 2009-06-12 06:30 . 2006-05-24 20:47 3596288 c:\windows\system32\qt-dx331.dll
+ 2009-04-29 09:58 . 2006-05-24 20:47 3596288 c:\windows\system32\qt-dx331.dll
+ 2009-04-29 09:58 . 2006-06-21 08:42 1044480 c:\windows\system32\libdivx.dll
- 2009-06-12 06:30 . 2006-06-21 08:42 1044480 c:\windows\system32\libdivx.dll
+ 2009-07-25 07:03 . 2004-05-23 08:00 1580544 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-07-25 07:03 . 2004-05-23 08:00 2180992 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-07-25 07:03 . 2004-05-23 08:00 2056832 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-07-25 07:03 . 2004-05-23 08:00 1032192 c:\windows\system32\dllcache\cache\explorer.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-05-23 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-25 556280]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5802008]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-04-23 22161192]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2007-10-10 2700720]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\Y!Multi Messenger.exe" [2006-07-13 4616192]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\Y!Multi Messenger.exe" [2006-07-05 258048]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\Y!Multi Messenger.exe" [2006-07-05 162816]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\Y!Multi Messenger.exe" [2006-07-05 86016]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\Y!Multi Messenger.exe" [2006-07-05 69632]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\Y!Multi Messenger.exe" [2006-07-05 1662976]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\Y!Multi Messenger.exe" [2006-07-05 372736]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\Y!Multi Messenger.exe" [2006-07-05 770048]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\Y!Multi Messenger.exe" [2006-07-05 1265664]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\Y!Multi Messenger.exe" [2006-07-05 41472]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\Y!Multi Messenger.exe" [2006-07-05 30208]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\Y!Multi Messenger.exe" [2006-07-05 757760]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\Y!Multi Messenger.exe" [2008-03-22 517360]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\Y!Multi Messenger.exe" [2006-07-05 163840]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\Y!Multi Messenger.exe" [2006-07-05 775]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\Y!Multi Messenger.exe" [2006-07-05 233472]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\Y!Multi Messenger.exe" [2006-07-05 200704]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\Y!Multi Messenger.exe" [2006-07-05 192512]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\Y!Multi Messenger.exe" [2006-07-05 139264]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\Y!Multi Messenger.exe" [2006-07-05 38400]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\Y!Multi Messenger.exe" [2006-07-05 118784]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\Y!Multi Messenger.exe" [2006-07-05 206]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\Y!Multi Messenger.exe" [2006-07-05 200704]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\Y!Multi Messenger.exe" [2006-07-05 4608000]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\Y!Multi Messenger.exe" [2006-07-05 355]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\Y!Multi Messenger.exe" [2009-07-31 88]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\Y!Multi Messenger.exe" [2009-07-31 60]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 540672]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 237568]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 876633]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 307200]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 335872]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 200704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 522096]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-05-19 1935872]
"kadmiwe"="c:\windows\system32\Kadmiwe.COM" [2009-05-23 206479]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-05-23 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-05-23 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-4-11 464488]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-23 490496]
Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2008-11-6 7319880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\report program\\HiJackThis.exe"=
"c:\\WINDOWS\\explorer.exe"=
"c:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\Y!Multi Messenger.exe"=
"c:\\WINDOWS\\system32\\CF27940.exe"=
"c:\\Program Files\\Adobe\\Photoshop 7.0 ME\\ImageReady.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\plhkmq.sys --> c:\windows\system32\drivers\plhkmq.sys [?]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\drivers\zteusbser.sys [20/05/2009 05:59 ص 99328]
.
- - - - ORPHANS REMOVED - - - -

BHO-{F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - (no file)

.
------- Supplementary Scan -------
.
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} -
.

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-07-31 14:22
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):7b,dc,9e,32,a6,b5,13,c3,0f,e2,23,db,4f,6b,81,b9,36,27,06,5d,04,
da,0f,74,3c,ce,9d,35,31,b2,4c,d2,eb,65,bb,b0,5f,52,5f,fe,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{adcd4037-0c1d-4020-9a8e-32bbcffd523e}]
@Denied: (Full) (Everyone)
"Model"=dword:000000d3
"Therad"=dword:00000020
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\WDFMGR.EXE
c:\program files\HEWLETT-PACKARD\SHARED\HPQWMIEX.EXE
c:\windows\SYSTEM32\RUNDLL32.EXE
c:\windows\SYSTEM32\IGFXSRVC.EXE
c:\docume~1\c:\program files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLEDESKTOP.EXE
c:\program files\TechSmith\Snagit 9\TSCHelp.exe
c:\program files\TechSmith\Snagit 9\SnagPriv.exe
c:\program files\TechSmith\Snagit 9\snagiteditor.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-07-31 14:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-31 10:23
ComboFix2.txt 2009-07-25 07:04
ComboFix3.txt 2009-07-22 06:38
ComboFix4.txt 2009-07-20 12:05
ComboFix5.txt 2009-07-31 10:20

Pre-Run: 11,603,959,808 bytes free
Post-Run: 11,691,868,160 bytes free

309

 

Signature: السومري

God bless you, brother.
Download this program.

Run the program ==> and click
Do a system scan and save log
In a few moments a report will appear in Notepad ==> copy it and paste it into your next reply.
 