- بادئ الموضوع عس عس
- تاريخ البدء
عاشق الصيانة
زيزوومي جديد
- إنضم
- 21 مايو 2009
- المشاركات
- 436
- مستوى التفاعل
- 1
- النقاط
- 0
غير متصل
هدة يااماء في جهاوك فايرس ياماء فية ملفات ناقصة في جهازك الحل الجدري لها بالنسبة لي وانا جربتها الفورمات وانت براحتك انتطر يمكن حد من الاخوان عندة حل
تأييد
0
تفضل
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:25:09 ص, on 29/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=a:3
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 6701 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:25:09 ص, on 29/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=a:3
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 6701 bytes
توقيع : عس عس
تأييد
0
من الهايجاك احذف القيم التاليه :
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe
ويبغى لك تحدث جهازك وتحدث المتصفح
تأييد
0
عطلى خاصية استعادة النظام
شرح تعطيل أستعادة النظام ..[/FONT]
بعد ذلك
عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
ثم
حمل الاداة التالية واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
التعديل الأخير بواسطة المشرف:
تأييد
0
تفضل
ComboFix 09-09-30.01 - user 09/30/2009 3:14.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.894.416 [GMT -7:00]
Running from: c:\documents and settings\user\My Documents\ComboFix.exe3.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\user\Application Data\seres.exe
c:\documents and settings\user\Application Data\svcst.exe
c:\documents and settings\user\Application Data\wiaserva.log
c:\documents and settings\user\Start Menu\Programs\Startup\wbhwin32.exe
c:\windows\Installer\2a4363.msp
c:\windows\Installer\34db3d.msp
c:\windows\system32\_000045_.tmp.dll
c:\windows\system32\qtplugin.exe
.
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 )))))))))))))))))))))))))))))))
.
2009-09-30 10:11 . 2009-09-30 10:11 -------- d-----w- c:\windows\system32\KB905474
2009-09-30 10:11 . 2009-03-11 05:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-09-30 10:11 . 2009-03-11 05:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-09-29 19:00 . 2009-09-29 20:50 -------- d-----w- c:\windows\LastGood
2009-09-29 09:44 . 2004-08-04 00:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-09-28 10:02 . 2009-09-28 10:02 -------- d-----w- c:\windows\ServicePackFiles
2009-09-19 01:12 . 2009-09-29 21:16 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-09-18 11:42 . 2009-02-06 17:22 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-18 11:42 . 2009-02-06 17:24 2180480 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-09-18 11:42 . 2009-02-06 16:49 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-09-18 11:42 . 2009-02-06 16:49 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-09-18 03:35 . 2009-09-18 03:35 -------- d-----w- c:\program files\PLUS FACE
2009-09-17 11:54 . 2009-09-17 11:54 -------- d-----w- c:\program files\Ask Search Assistant
2009-09-17 04:01 . 2009-09-17 04:01 -------- d-----w- c:\program files\Trend Micro
2009-09-10 09:36 . 2009-09-10 09:36 -------- d-----w- c:\windows\Sun
2009-09-10 04:38 . 2009-09-10 04:38 -------- d-----w- c:\documents and settings\user\Application Data\CyberScrub
2009-09-10 04:38 . 2009-09-10 04:38 -------- d-----w- c:\documents and settings\user\Application Data\cleaner
2009-09-09 03:15 . 2009-09-09 03:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-09 03:15 . 2009-09-09 03:15 -------- d-----w- c:\program files\Java
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 18:54 . 2009-06-27 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-09-28 10:05 . 2009-07-28 10:34 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-26 00:39 . 2009-07-17 08:52 -------- d-----w- c:\program files\Crcle Developement
2009-09-26 00:24 . 2009-07-17 08:53 -------- d-----w- c:\documents and settings\user\Application Data\PLUS FACE
2009-09-21 22:42 . 2009-06-27 15:34 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-21 22:42 . 2009-06-27 15:34 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-21 00:17 . 2009-06-28 00:51 299568 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-20 11:30 . 2009-06-27 15:47 -------- d-----w- c:\program files\Microsoft Works
2009-09-18 03:36 . 2009-07-17 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\seek film amok web
2009-09-18 03:34 . 2009-07-17 08:52 -------- d-----w- c:\program files\Messenger Plus! Live
2009-08-30 08:43 . 2009-08-30 08:43 -------- d-----w- c:\documents and settings\user\Application Data\GRETECH
2009-08-30 01:34 . 2009-08-30 01:34 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-30 00:21 . 2009-06-27 15:38 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-29 02:57 . 2009-06-27 16:20 10 ----a-w- c:\windows\popcinfo.dat
2009-08-18 22:00 . 2009-06-27 16:24 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-08-05 09:11 . 2004-08-04 00:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 01:14 . 2009-07-31 01:14 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-07-31 01:12 . 2009-06-27 15:33 311328 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-31 01:12 . 2009-06-27 15:33 2204192 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-29 04:53 . 2004-08-04 00:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:53 . 2001-08-23 14:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-18 16:20 . 2009-07-18 16:20 3062272 ------w- c:\windows\system32\SET5749.tmp
2009-07-18 16:20 . 2009-07-18 16:20 1506304 ----a-w- c:\windows\system32\SET5744.tmp
2009-07-17 18:55 . 2004-08-04 00:56 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 09:18 . 2004-08-04 00:56 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 22:48 . 2009-07-03 22:48 219664 ----a-w- c:\windows\system32\klogon.dll
2009-07-03 22:45 . 2009-07-03 22:45 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
.
((((((((((((((((((((((((((((( SnapShot_2009-09-28_08.54.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 00:56 . 2009-06-12 11:50 80896 c:\windows\system32\tlntsess.exe
+ 2004-08-04 00:56 . 2009-06-12 11:50 76288 c:\windows\system32\telnet.exe
+ 2009-06-28 01:03 . 2007-07-27 17:41 26488 c:\windows\system32\spupdsvc.exe
- 2009-06-28 01:03 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
+ 2009-08-25 01:14 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
- 2009-08-25 01:14 . 2007-11-30 11:18 17272 c:\windows\system32\spmsg.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 55808 c:\windows\system32\secur32.dll
+ 2004-08-04 00:56 . 2009-02-03 20:08 55808 c:\windows\system32\secur32.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 48640 c:\windows\system32\mqupgrd.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 48640 c:\windows\system32\mqupgrd.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 95744 c:\windows\system32\mqsec.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 95744 c:\windows\system32\mqsec.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 16896 c:\windows\system32\mqise.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 16896 c:\windows\system32\mqise.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 47104 c:\windows\system32\mqdscli.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 47104 c:\windows\system32\mqdscli.dll
+ 2004-08-04 00:56 . 2009-06-22 11:49 19968 c:\windows\system32\mqbkup.exe
- 2004-08-04 00:56 . 2004-08-04 00:56 19968 c:\windows\system32\mqbkup.exe
+ 2004-08-04 00:56 . 2009-06-26 16:18 16384 c:\windows\system32\jsproxy.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 96256 c:\windows\system32\inseng.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 96256 c:\windows\system32\inseng.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 81920 c:\windows\system32\ieencode.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 81920 c:\windows\system32\ieencode.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 55808 c:\windows\system32\extmgr.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 55808 c:\windows\system32\extmgr.dll
+ 2004-08-03 22:58 . 2009-06-22 11:48 91776 c:\windows\system32\drivers\mqac.sys
+ 2004-08-04 00:56 . 2009-06-12 11:50 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2004-08-04 00:56 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe
+ 2004-08-04 00:56 . 2009-02-03 20:08 55808 c:\windows\system32\dllcache\secur32.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 55808 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 39424 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-04 00:56 . 2008-06-24 16:23 74240 c:\windows\system32\dllcache\mscms.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 48640 c:\windows\system32\dllcache\mqupgrd.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 48640 c:\windows\system32\dllcache\mqupgrd.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 95744 c:\windows\system32\dllcache\mqsec.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 95744 c:\windows\system32\dllcache\mqsec.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 16896 c:\windows\system32\dllcache\mqise.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 16896 c:\windows\system32\dllcache\mqise.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 47104 c:\windows\system32\dllcache\mqdscli.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 47104 c:\windows\system32\dllcache\mqdscli.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 19968 c:\windows\system32\dllcache\mqbkup.exe
+ 2004-08-04 00:56 . 2009-06-22 11:49 19968 c:\windows\system32\dllcache\mqbkup.exe
+ 2004-08-03 22:58 . 2009-06-22 11:48 91776 c:\windows\system32\dllcache\mqac.sys
+ 2004-08-04 00:56 . 2009-06-26 16:18 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 96256 c:\windows\system32\dllcache\inseng.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 96256 c:\windows\system32\dllcache\inseng.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2009-06-28 00:44 . 2009-06-22 11:38 18432 c:\windows\system32\dllcache\iedw.exe
- 2009-06-28 00:44 . 2004-08-04 00:56 18432 c:\windows\system32\dllcache\iedw.exe
+ 2004-08-04 00:56 . 2009-06-26 16:18 55808 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 55808 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2004-08-04 00:56 . 2009-06-10 14:21 84992 c:\windows\system32\dllcache\avifil32.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 58880 c:\windows\system32\dllcache\atl.dll
+ 2004-08-04 00:56 . 2009-07-17 18:55 58880 c:\windows\system32\dllcache\atl.dll
- 2009-06-28 00:50 . 2009-09-22 08:44 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-28 00:50 . 2009-09-28 09:09 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-28 00:50 . 2009-09-22 08:44 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-06-28 00:50 . 2009-09-28 09:09 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-09-28 09:09 . 2009-09-28 09:09 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-06-28 00:50 . 2009-09-22 08:44 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2004-08-04 00:56 . 2004-08-04 00:56 84992 c:\windows\system32\avifil32.dll
+ 2004-08-04 00:56 . 2009-06-10 14:21 84992 c:\windows\system32\avifil32.dll
- 2009-09-18 11:44 . 2008-07-08 13:02 26488 c:\windows\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\spcustom.dll
- 2009-09-18 11:44 . 2008-07-08 13:02 17272 c:\windows\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\spmsg.dll
+ 2009-06-27 15:50 . 2009-09-30 10:11 23040 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-06-27 15:50 . 2009-09-20 11:44 23040 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-06-27 15:50 . 2009-09-30 10:11 61440 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-06-27 15:50 . 2009-09-20 11:44 61440 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-06-27 15:50 . 2009-09-30 10:11 27136 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-06-27 15:50 . 2009-09-20 11:44 27136 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-06-27 15:50 . 2009-09-20 11:44 11264 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-06-27 15:50 . 2009-09-30 10:11 11264 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-06-27 15:50 . 2009-09-30 10:11 86016 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-06-27 15:50 . 2009-09-20 11:44 86016 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-06-27 15:50 . 2009-09-30 10:11 12288 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-06-27 15:50 . 2009-09-20 11:44 12288 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-03-23 02:07 . 2007-03-23 02:07 78168 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\RM.DLL
+ 2007-03-23 02:07 . 2007-03-23 02:07 41824 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\RECALL.DLL
+ 2007-03-23 02:05 . 2007-03-23 02:05 97632 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
+ 2007-04-19 20:53 . 2007-04-19 20:53 69984 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\OUTLRPC.DLL
+ 2007-03-23 02:07 . 2007-03-23 02:07 80224 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\DLGSETP.DLL
+ 2007-03-23 02:07 . 2007-03-23 02:07 91488 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL
+ 2004-08-04 00:56 . 2009-06-22 11:49 4608 c:\windows\system32\mqsvc.exe
- 2004-08-04 00:56 . 2004-08-04 00:56 4608 c:\windows\system32\mqsvc.exe
- 2004-08-04 00:56 . 2004-08-04 00:56 4608 c:\windows\system32\dllcache\mqsvc.exe
+ 2004-08-04 00:56 . 2009-06-22 11:49 4608 c:\windows\system32\dllcache\mqsvc.exe
- 2009-06-27 15:50 . 2009-09-20 11:44 4096 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-06-27 15:50 . 2009-09-30 10:11 4096 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2004-08-04 00:56 . 2004-08-04 00:56 417792 c:\windows\system32\vbscript.dll
+ 2004-08-04 00:56 . 2007-12-18 14:40 417792 c:\windows\system32\vbscript.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 169472 c:\windows\system32\Setup\msmqocm.dll
+ 2004-08-04 00:56 . 2008-10-15 16:57 332800 c:\windows\system32\netapi32.dll
+ 2009-06-28 00:42 . 2009-06-05 07:42 655872 c:\windows\system32\mstscax.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 532480 c:\windows\system32\mstime.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 471552 c:\windows\system32\mqutil.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 471552 c:\windows\system32\mqutil.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 186880 c:\windows\system32\mqtrig.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 186880 c:\windows\system32\mqtrig.dll
+ 2004-08-04 00:56 . 2009-06-22 11:49 117248 c:\windows\system32\mqtgsvc.exe
- 2004-08-04 00:56 . 2004-08-04 00:56 117248 c:\windows\system32\mqtgsvc.exe
+ 2004-08-04 00:56 . 2009-06-25 18:36 517120 c:\windows\system32\mqsnap.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 123392 c:\windows\system32\mqrtdep.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 123392 c:\windows\system32\mqrtdep.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 177152 c:\windows\system32\mqrt.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 177152 c:\windows\system32\mqrt.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 661504 c:\windows\system32\mqqm.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 225280 c:\windows\system32\mqoa.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 225280 c:\windows\system32\mqoa.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 138240 c:\windows\system32\mqad.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 138240 c:\windows\system32\mqad.dll
+ 2004-08-04 00:56 . 2008-06-10 08:31 103936 c:\windows\system32\logagent.exe
- 2004-08-04 00:56 . 2004-08-04 00:56 103936 c:\windows\system32\logagent.exe
+ 2004-08-04 00:56 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
+ 2004-08-04 00:56 . 2008-10-23 13:01 283648 c:\windows\system32\gdi32.dll
- 2009-06-27 17:36 . 2009-09-21 00:12 757032 c:\windows\system32\FNTCACHE.DAT
+ 2009-06-27 17:36 . 2009-09-28 12:21 757032 c:\windows\system32\FNTCACHE.DAT
- 2004-08-04 00:56 . 2004-08-04 00:56 233472 c:\windows\system32\dllcache\wmpdxm.dll
+ 2004-08-04 00:56 . 2009-07-13 09:18 233472 c:\windows\system32\dllcache\wmpdxm.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 659456 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 00:56 . 2007-12-18 14:40 417792 c:\windows\system32\dllcache\vbscript.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 417792 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 616448 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2004-08-04 00:56 . 2008-10-15 16:57 332800 c:\windows\system32\dllcache\netapi32.dll
+ 2009-06-28 00:42 . 2009-06-05 07:42 655872 c:\windows\system32\dllcache\mstscax.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 532480 c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 146432 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 146432 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 169472 c:\windows\system32\dllcache\msmqocm.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 449024 c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 471552 c:\windows\system32\dllcache\mqutil.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 471552 c:\windows\system32\dllcache\mqutil.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 186880 c:\windows\system32\dllcache\mqtrig.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 186880 c:\windows\system32\dllcache\mqtrig.dll
+ 2004-08-04 00:56 . 2009-06-22 11:49 117248 c:\windows\system32\dllcache\mqtgsvc.exe
- 2004-08-04 00:56 . 2004-08-04 00:56 117248 c:\windows\system32\dllcache\mqtgsvc.exe
+ 2004-08-04 00:56 . 2009-06-25 18:36 517120 c:\windows\system32\dllcache\mqsnap.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 123392 c:\windows\system32\dllcache\mqrtdep.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 123392 c:\windows\system32\dllcache\mqrtdep.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 177152 c:\windows\system32\dllcache\mqrt.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 177152 c:\windows\system32\dllcache\mqrt.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 661504 c:\windows\system32\dllcache\mqqm.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 225280 c:\windows\system32\dllcache\mqoa.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 225280 c:\windows\system32\dllcache\mqoa.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 138240 c:\windows\system32\dllcache\mqad.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 138240 c:\windows\system32\dllcache\mqad.dll
+ 2004-08-04 00:56 . 2008-06-10 08:31 103936 c:\windows\system32\dllcache\logagent.exe
- 2004-08-04 00:56 . 2004-08-04 00:56 103936 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-04 00:56 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 251392 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 00:56 . 2008-10-23 13:01 283648 c:\windows\system32\dllcache\gdi32.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 205312 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 151040 c:\windows\system32\cdfview.dll
- 2009-09-18 11:44 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\updspapi.dll
- 2009-09-18 11:44 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\update.exe
- 2009-09-18 11:44 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\spuninst.exe
+ 2008-01-23 23:45 . 2008-01-23 23:45 738816 c:\windows\Installer\34db3b.msp
+ 2008-07-28 22:00 . 2008-07-28 22:00 161792 c:\windows\Installer\34db25.msp
+ 2009-06-27 15:50 . 2009-09-30 10:11 409600 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-06-27 15:50 . 2009-09-20 11:44 409600 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-06-27 15:50 . 2009-09-30 10:11 286720 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-06-27 15:50 . 2009-09-20 11:44 286720 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-06-27 15:50 . 2009-09-30 10:11 249856 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-06-27 15:50 . 2009-09-20 11:44 249856 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-06-27 15:50 . 2009-09-30 10:11 794624 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-06-27 15:50 . 2009-09-20 11:44 794624 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-06-27 15:50 . 2009-09-30 10:11 135168 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-06-27 15:50 . 2009-09-20 11:44 135168 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-06-27 15:50 . 2009-09-20 11:44 593920 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-06-27 15:50 . 2009-09-30 10:11 593920 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-03-23 02:22 . 2007-03-23 02:22 103264 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
+ 2007-05-10 20:34 . 2007-05-10 20:34 562528 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\PUBCONV.DLL
+ 2007-05-31 20:36 . 2007-05-31 20:36 612184 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\PTXT9.DLL
+ 2007-05-31 20:35 . 2007-05-31 20:35 133976 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\PRTF9.DLL
+ 2007-04-19 20:53 . 2007-04-19 20:53 149856 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\OUTLPH.DLL
+ 2007-05-31 20:42 . 2007-05-31 20:42 200032 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\OUTLOOK.EXE
+ 2007-04-19 20:53 . 2007-04-19 20:53 106336 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL
+ 2007-04-19 20:54 . 2007-04-19 20:54 183136 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\MIMEDIR.DLL
+ 2007-04-19 20:53 . 2007-04-19 20:53 127328 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL
+ 2007-04-19 21:09 . 2007-04-19 21:09 167256 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
+ 2007-04-19 20:53 . 2007-04-19 20:53 137568 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\ENVELOPE.DLL
+ 2003-07-15 10:18 . 2003-07-15 10:18 141360 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.5614\ATP.DLL
+ 2004-08-04 00:57 . 2009-05-26 23:51 2174976 c:\windows\system32\WMVCore.dll
+ 2004-08-04 00:56 . 2009-07-13 09:18 4960256 c:\windows\system32\wmp.dll
+ 2004-08-04 00:56 . 2008-06-11 01:18 1053696 c:\windows\system32\WMNetmgr.dll
+ 2004-08-03 23:17 . 2009-04-17 09:58 1846656 c:\windows\system32\win32k.sys
+ 2004-08-04 00:56 . 2008-07-03 13:16 8454656 c:\windows\system32\shell32.dll
+ 2004-08-04 00:56 . 2008-09-04 16:42 1106944 c:\windows\system32\msxml3.dll
+ 2008-03-21 01:06 . 2009-02-06 19:35 1486208 c:\windows\system32\LegitCheckControl.DLL
+ 2004-08-04 00:57 . 2009-05-26 23:51 2174976 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-04 00:56 . 2009-07-13 09:18 4960256 c:\windows\system32\dllcache\wmp.dll
+ 2004-08-04 00:56 . 2008-06-11 01:18 1053696 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2004-08-03 23:17 . 2009-04-17 09:58 1846656 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-04 00:56 . 2008-07-03 13:16 8454656 c:\windows\system32\dllcache\shell32.dll
+ 2004-08-04 00:56 . 2009-07-18 16:20 1506304 c:\windows\system32\dllcache\shdocvw.dll
+ 2004-08-04 00:56 . 2008-09-04 16:42 1106944 c:\windows\system32\dllcache\msxml3.dll
+ 2009-06-28 00:44 . 2009-07-10 13:42 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2004-08-04 00:56 . 2009-07-18 16:20 3062272 c:\windows\system32\dllcache\mshtml.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 1054208 c:\windows\system32\dllcache\danim.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 1023488 c:\windows\system32\dllcache\browseui.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 1054208 c:\windows\system32\danim.dll
+ 2009-09-29 20:50 . 2008-03-21 01:06 1480232 c:\windows\LastGood\system32\LegitCheckControl.DLL
+ 2009-04-24 00:57 . 2009-04-24 00:57 7672832 c:\windows\Installer\9c75f.msp
+ 2008-01-14 23:53 . 2008-01-14 23:53 5213696 c:\windows\Installer\36c541.msp
+ 2008-10-25 16:15 . 2008-10-25 16:15 6227456 c:\windows\Installer\34db52.msp
+ 2009-05-01 22:49 . 2009-05-01 22:49 4328960 c:\windows\Installer\3431d99.msp
+ 2009-07-01 20:21 . 2009-07-01 20:21 8891904 c:\windows\Installer\3431d81.msp
+ 2009-05-12 20:01 . 2009-05-12 20:01 6818816 c:\windows\Installer\3431d52.msp
+ 2008-04-01 21:33 . 2008-04-01 21:33 5479936 c:\windows\Installer\2a4361.msp
+ 2008-01-31 17:30 . 2008-01-31 17:30 9947648 c:\windows\Installer\2a4332.msp
+ 2007-05-10 00:19 . 2007-05-10 00:19 2585936 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
+ 2007-05-31 20:35 . 2007-05-31 20:35 6420320 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE
+ 2007-05-10 20:45 . 2007-05-10 20:45 8069464 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\OWC11.DLL
+ 2007-03-14 20:10 . 2007-03-14 20:10 7255384 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\OWC10.DLL
+ 2007-05-31 20:43 . 2007-05-31 20:43 7613280 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\OUTLLIB.DLL
+ 2007-05-10 20:35 . 2007-05-10 20:35 6747480 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\MSPUB.EXE
+ 2009-09-30 10:07 . 2009-08-28 21:38 24689600 c:\windows\system32\MRT.exe
+ 2008-01-14 22:24 . 2008-01-14 22:24 10721280 c:\windows\Installer\9c774.msp
+ 2009-07-01 20:19 . 2009-07-01 20:19 10607104 c:\windows\Installer\3431d82.msp
+ 2008-07-30 15:50 . 2008-07-30 15:50 12506112 c:\windows\Installer\3431d68.msp
+ 2008-06-04 20:29 . 2008-06-04 20:29 16905728 c:\windows\Installer\2a4348.msp
+ 2007-05-31 20:37 . 2007-05-31 20:37 12310368 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE
+ 2007-06-19 00:16 . 2007-06-19 00:16 12259160 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\MSO.DLL
+ 2007-05-31 20:41 . 2007-05-31 20:41 10352472 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-27 39408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-27 185896]
"ACU"="c:\program files\Atheros\ACU.exe" [2005-05-31 303104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-09 149280]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-07-03 303376]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-08-03 53248]
"S3Trayp"="S3trayp.exe" - c:\windows\system32\S3Trayp.exe [2006-07-11 176128]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\user\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mobily Connect Card\\Mobily Connect Card.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 06:29 م 33808]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [27/06/2009 05:56 م 13696]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 06:06 م 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 08:59 م 19472]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [14/08/2006 10:51 ص 654848]
.
Contents of the 'Scheduled Tasks' folder
2009-09-30 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-09-30 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = https=a:3
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java -
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-restorer32_a - c:\documents and settings\user\restorer32_a.exe
HKCU-Run-mserv - c:\documents and settings\user\Application Data\seres.exe
HKLM-Run-restorer32_a - c:\windows\system32\restorer32_a.exe
HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-09-30 03:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\athgina.dll
c:\windows\system32\athcfg11.dll
c:\windows\system32\athcfg11Res.dll
.
Completion time: 2009-09-30 3:19
ComboFix-quarantined-files.txt 2009-09-30 10:19
ComboFix2.txt 2009-09-28 08:55
Pre-Run: 31,543,205,888 bytes free
Post-Run: 31,526,739,968 bytes free
389 --- E O F --- 2009-09-30 10:12
ComboFix 09-09-30.01 - user 09/30/2009 3:14.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.894.416 [GMT -7:00]
Running from: c:\documents and settings\user\My Documents\ComboFix.exe3.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\user\Application Data\seres.exe
c:\documents and settings\user\Application Data\svcst.exe
c:\documents and settings\user\Application Data\wiaserva.log
c:\documents and settings\user\Start Menu\Programs\Startup\wbhwin32.exe
c:\windows\Installer\2a4363.msp
c:\windows\Installer\34db3d.msp
c:\windows\system32\_000045_.tmp.dll
c:\windows\system32\qtplugin.exe
.
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 )))))))))))))))))))))))))))))))
.
2009-09-30 10:11 . 2009-09-30 10:11 -------- d-----w- c:\windows\system32\KB905474
2009-09-30 10:11 . 2009-03-11 05:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-09-30 10:11 . 2009-03-11 05:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-09-29 19:00 . 2009-09-29 20:50 -------- d-----w- c:\windows\LastGood
2009-09-29 09:44 . 2004-08-04 00:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-09-28 10:02 . 2009-09-28 10:02 -------- d-----w- c:\windows\ServicePackFiles
2009-09-19 01:12 . 2009-09-29 21:16 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-09-18 11:42 . 2009-02-06 17:22 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-18 11:42 . 2009-02-06 17:24 2180480 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-09-18 11:42 . 2009-02-06 16:49 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-09-18 11:42 . 2009-02-06 16:49 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-09-18 03:35 . 2009-09-18 03:35 -------- d-----w- c:\program files\PLUS FACE
2009-09-17 11:54 . 2009-09-17 11:54 -------- d-----w- c:\program files\Ask Search Assistant
2009-09-17 04:01 . 2009-09-17 04:01 -------- d-----w- c:\program files\Trend Micro
2009-09-10 09:36 . 2009-09-10 09:36 -------- d-----w- c:\windows\Sun
2009-09-10 04:38 . 2009-09-10 04:38 -------- d-----w- c:\documents and settings\user\Application Data\CyberScrub
2009-09-10 04:38 . 2009-09-10 04:38 -------- d-----w- c:\documents and settings\user\Application Data\cleaner
2009-09-09 03:15 . 2009-09-09 03:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-09 03:15 . 2009-09-09 03:15 -------- d-----w- c:\program files\Java
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 18:54 . 2009-06-27 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-09-28 10:05 . 2009-07-28 10:34 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-26 00:39 . 2009-07-17 08:52 -------- d-----w- c:\program files\Crcle Developement
2009-09-26 00:24 . 2009-07-17 08:53 -------- d-----w- c:\documents and settings\user\Application Data\PLUS FACE
2009-09-21 22:42 . 2009-06-27 15:34 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-21 22:42 . 2009-06-27 15:34 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-21 00:17 . 2009-06-28 00:51 299568 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-20 11:30 . 2009-06-27 15:47 -------- d-----w- c:\program files\Microsoft Works
2009-09-18 03:36 . 2009-07-17 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\seek film amok web
2009-09-18 03:34 . 2009-07-17 08:52 -------- d-----w- c:\program files\Messenger Plus! Live
2009-08-30 08:43 . 2009-08-30 08:43 -------- d-----w- c:\documents and settings\user\Application Data\GRETECH
2009-08-30 01:34 . 2009-08-30 01:34 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-30 00:21 . 2009-06-27 15:38 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-29 02:57 . 2009-06-27 16:20 10 ----a-w- c:\windows\popcinfo.dat
2009-08-18 22:00 . 2009-06-27 16:24 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-08-05 09:11 . 2004-08-04 00:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 01:14 . 2009-07-31 01:14 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-07-31 01:12 . 2009-06-27 15:33 311328 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-31 01:12 . 2009-06-27 15:33 2204192 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-29 04:53 . 2004-08-04 00:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:53 . 2001-08-23 14:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-18 16:20 . 2009-07-18 16:20 3062272 ------w- c:\windows\system32\SET5749.tmp
2009-07-18 16:20 . 2009-07-18 16:20 1506304 ----a-w- c:\windows\system32\SET5744.tmp
2009-07-17 18:55 . 2004-08-04 00:56 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 09:18 . 2004-08-04 00:56 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 22:48 . 2009-07-03 22:48 219664 ----a-w- c:\windows\system32\klogon.dll
2009-07-03 22:45 . 2009-07-03 22:45 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
.
((((((((((((((((((((((((((((( SnapShot_2009-09-28_08.54.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 00:56 . 2009-06-12 11:50 80896 c:\windows\system32\tlntsess.exe
+ 2004-08-04 00:56 . 2009-06-12 11:50 76288 c:\windows\system32\telnet.exe
+ 2009-06-28 01:03 . 2007-07-27 17:41 26488 c:\windows\system32\spupdsvc.exe
- 2009-06-28 01:03 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
+ 2009-08-25 01:14 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
- 2009-08-25 01:14 . 2007-11-30 11:18 17272 c:\windows\system32\spmsg.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 55808 c:\windows\system32\secur32.dll
+ 2004-08-04 00:56 . 2009-02-03 20:08 55808 c:\windows\system32\secur32.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 48640 c:\windows\system32\mqupgrd.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 48640 c:\windows\system32\mqupgrd.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 95744 c:\windows\system32\mqsec.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 95744 c:\windows\system32\mqsec.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 16896 c:\windows\system32\mqise.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 16896 c:\windows\system32\mqise.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 47104 c:\windows\system32\mqdscli.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 47104 c:\windows\system32\mqdscli.dll
+ 2004-08-04 00:56 . 2009-06-22 11:49 19968 c:\windows\system32\mqbkup.exe
- 2004-08-04 00:56 . 2004-08-04 00:56 19968 c:\windows\system32\mqbkup.exe
+ 2004-08-04 00:56 . 2009-06-26 16:18 16384 c:\windows\system32\jsproxy.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 96256 c:\windows\system32\inseng.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 96256 c:\windows\system32\inseng.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 81920 c:\windows\system32\ieencode.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 81920 c:\windows\system32\ieencode.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 55808 c:\windows\system32\extmgr.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 55808 c:\windows\system32\extmgr.dll
+ 2004-08-03 22:58 . 2009-06-22 11:48 91776 c:\windows\system32\drivers\mqac.sys
+ 2004-08-04 00:56 . 2009-06-12 11:50 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2004-08-04 00:56 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe
+ 2004-08-04 00:56 . 2009-02-03 20:08 55808 c:\windows\system32\dllcache\secur32.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 55808 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 39424 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-04 00:56 . 2008-06-24 16:23 74240 c:\windows\system32\dllcache\mscms.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 48640 c:\windows\system32\dllcache\mqupgrd.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 48640 c:\windows\system32\dllcache\mqupgrd.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 95744 c:\windows\system32\dllcache\mqsec.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 95744 c:\windows\system32\dllcache\mqsec.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 16896 c:\windows\system32\dllcache\mqise.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 16896 c:\windows\system32\dllcache\mqise.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 47104 c:\windows\system32\dllcache\mqdscli.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 47104 c:\windows\system32\dllcache\mqdscli.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 19968 c:\windows\system32\dllcache\mqbkup.exe
+ 2004-08-04 00:56 . 2009-06-22 11:49 19968 c:\windows\system32\dllcache\mqbkup.exe
+ 2004-08-03 22:58 . 2009-06-22 11:48 91776 c:\windows\system32\dllcache\mqac.sys
+ 2004-08-04 00:56 . 2009-06-26 16:18 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 96256 c:\windows\system32\dllcache\inseng.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 96256 c:\windows\system32\dllcache\inseng.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2009-06-28 00:44 . 2009-06-22 11:38 18432 c:\windows\system32\dllcache\iedw.exe
- 2009-06-28 00:44 . 2004-08-04 00:56 18432 c:\windows\system32\dllcache\iedw.exe
+ 2004-08-04 00:56 . 2009-06-26 16:18 55808 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 55808 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2004-08-04 00:56 . 2009-06-10 14:21 84992 c:\windows\system32\dllcache\avifil32.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 58880 c:\windows\system32\dllcache\atl.dll
+ 2004-08-04 00:56 . 2009-07-17 18:55 58880 c:\windows\system32\dllcache\atl.dll
- 2009-06-28 00:50 . 2009-09-22 08:44 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-28 00:50 . 2009-09-28 09:09 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-28 00:50 . 2009-09-22 08:44 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-06-28 00:50 . 2009-09-28 09:09 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-09-28 09:09 . 2009-09-28 09:09 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-06-28 00:50 . 2009-09-22 08:44 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2004-08-04 00:56 . 2004-08-04 00:56 84992 c:\windows\system32\avifil32.dll
+ 2004-08-04 00:56 . 2009-06-10 14:21 84992 c:\windows\system32\avifil32.dll
- 2009-09-18 11:44 . 2008-07-08 13:02 26488 c:\windows\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\spcustom.dll
- 2009-09-18 11:44 . 2008-07-08 13:02 17272 c:\windows\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\spmsg.dll
+ 2009-06-27 15:50 . 2009-09-30 10:11 23040 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-06-27 15:50 . 2009-09-20 11:44 23040 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-06-27 15:50 . 2009-09-30 10:11 61440 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-06-27 15:50 . 2009-09-20 11:44 61440 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-06-27 15:50 . 2009-09-30 10:11 27136 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-06-27 15:50 . 2009-09-20 11:44 27136 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-06-27 15:50 . 2009-09-20 11:44 11264 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-06-27 15:50 . 2009-09-30 10:11 11264 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-06-27 15:50 . 2009-09-30 10:11 86016 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-06-27 15:50 . 2009-09-20 11:44 86016 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-06-27 15:50 . 2009-09-30 10:11 12288 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-06-27 15:50 . 2009-09-20 11:44 12288 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-03-23 02:07 . 2007-03-23 02:07 78168 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\RM.DLL
+ 2007-03-23 02:07 . 2007-03-23 02:07 41824 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\RECALL.DLL
+ 2007-03-23 02:05 . 2007-03-23 02:05 97632 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
+ 2007-04-19 20:53 . 2007-04-19 20:53 69984 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\OUTLRPC.DLL
+ 2007-03-23 02:07 . 2007-03-23 02:07 80224 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\DLGSETP.DLL
+ 2007-03-23 02:07 . 2007-03-23 02:07 91488 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL
+ 2004-08-04 00:56 . 2009-06-22 11:49 4608 c:\windows\system32\mqsvc.exe
- 2004-08-04 00:56 . 2004-08-04 00:56 4608 c:\windows\system32\mqsvc.exe
- 2004-08-04 00:56 . 2004-08-04 00:56 4608 c:\windows\system32\dllcache\mqsvc.exe
+ 2004-08-04 00:56 . 2009-06-22 11:49 4608 c:\windows\system32\dllcache\mqsvc.exe
- 2009-06-27 15:50 . 2009-09-20 11:44 4096 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-06-27 15:50 . 2009-09-30 10:11 4096 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2004-08-04 00:56 . 2004-08-04 00:56 417792 c:\windows\system32\vbscript.dll
+ 2004-08-04 00:56 . 2007-12-18 14:40 417792 c:\windows\system32\vbscript.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 169472 c:\windows\system32\Setup\msmqocm.dll
+ 2004-08-04 00:56 . 2008-10-15 16:57 332800 c:\windows\system32\netapi32.dll
+ 2009-06-28 00:42 . 2009-06-05 07:42 655872 c:\windows\system32\mstscax.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 532480 c:\windows\system32\mstime.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 471552 c:\windows\system32\mqutil.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 471552 c:\windows\system32\mqutil.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 186880 c:\windows\system32\mqtrig.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 186880 c:\windows\system32\mqtrig.dll
+ 2004-08-04 00:56 . 2009-06-22 11:49 117248 c:\windows\system32\mqtgsvc.exe
- 2004-08-04 00:56 . 2004-08-04 00:56 117248 c:\windows\system32\mqtgsvc.exe
+ 2004-08-04 00:56 . 2009-06-25 18:36 517120 c:\windows\system32\mqsnap.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 123392 c:\windows\system32\mqrtdep.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 123392 c:\windows\system32\mqrtdep.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 177152 c:\windows\system32\mqrt.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 177152 c:\windows\system32\mqrt.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 661504 c:\windows\system32\mqqm.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 225280 c:\windows\system32\mqoa.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 225280 c:\windows\system32\mqoa.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 138240 c:\windows\system32\mqad.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 138240 c:\windows\system32\mqad.dll
+ 2004-08-04 00:56 . 2008-06-10 08:31 103936 c:\windows\system32\logagent.exe
- 2004-08-04 00:56 . 2004-08-04 00:56 103936 c:\windows\system32\logagent.exe
+ 2004-08-04 00:56 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
+ 2004-08-04 00:56 . 2008-10-23 13:01 283648 c:\windows\system32\gdi32.dll
- 2009-06-27 17:36 . 2009-09-21 00:12 757032 c:\windows\system32\FNTCACHE.DAT
+ 2009-06-27 17:36 . 2009-09-28 12:21 757032 c:\windows\system32\FNTCACHE.DAT
- 2004-08-04 00:56 . 2004-08-04 00:56 233472 c:\windows\system32\dllcache\wmpdxm.dll
+ 2004-08-04 00:56 . 2009-07-13 09:18 233472 c:\windows\system32\dllcache\wmpdxm.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 659456 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 00:56 . 2007-12-18 14:40 417792 c:\windows\system32\dllcache\vbscript.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 417792 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 616448 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2004-08-04 00:56 . 2008-10-15 16:57 332800 c:\windows\system32\dllcache\netapi32.dll
+ 2009-06-28 00:42 . 2009-06-05 07:42 655872 c:\windows\system32\dllcache\mstscax.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 532480 c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 146432 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 146432 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 169472 c:\windows\system32\dllcache\msmqocm.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 449024 c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 471552 c:\windows\system32\dllcache\mqutil.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 471552 c:\windows\system32\dllcache\mqutil.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 186880 c:\windows\system32\dllcache\mqtrig.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 186880 c:\windows\system32\dllcache\mqtrig.dll
+ 2004-08-04 00:56 . 2009-06-22 11:49 117248 c:\windows\system32\dllcache\mqtgsvc.exe
- 2004-08-04 00:56 . 2004-08-04 00:56 117248 c:\windows\system32\dllcache\mqtgsvc.exe
+ 2004-08-04 00:56 . 2009-06-25 18:36 517120 c:\windows\system32\dllcache\mqsnap.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 123392 c:\windows\system32\dllcache\mqrtdep.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 123392 c:\windows\system32\dllcache\mqrtdep.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 177152 c:\windows\system32\dllcache\mqrt.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 177152 c:\windows\system32\dllcache\mqrt.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 661504 c:\windows\system32\dllcache\mqqm.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 225280 c:\windows\system32\dllcache\mqoa.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 225280 c:\windows\system32\dllcache\mqoa.dll
+ 2004-08-04 00:56 . 2009-06-25 18:36 138240 c:\windows\system32\dllcache\mqad.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 138240 c:\windows\system32\dllcache\mqad.dll
+ 2004-08-04 00:56 . 2008-06-10 08:31 103936 c:\windows\system32\dllcache\logagent.exe
- 2004-08-04 00:56 . 2004-08-04 00:56 103936 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-04 00:56 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 251392 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 00:56 . 2008-10-23 13:01 283648 c:\windows\system32\dllcache\gdi32.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 205312 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-04 00:56 . 2004-08-04 00:56 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 151040 c:\windows\system32\cdfview.dll
- 2009-09-18 11:44 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\updspapi.dll
- 2009-09-18 11:44 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\update.exe
- 2009-09-18 11:44 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\spuninst.exe
+ 2008-01-23 23:45 . 2008-01-23 23:45 738816 c:\windows\Installer\34db3b.msp
+ 2008-07-28 22:00 . 2008-07-28 22:00 161792 c:\windows\Installer\34db25.msp
+ 2009-06-27 15:50 . 2009-09-30 10:11 409600 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-06-27 15:50 . 2009-09-20 11:44 409600 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-06-27 15:50 . 2009-09-30 10:11 286720 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-06-27 15:50 . 2009-09-20 11:44 286720 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-06-27 15:50 . 2009-09-30 10:11 249856 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-06-27 15:50 . 2009-09-20 11:44 249856 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-06-27 15:50 . 2009-09-30 10:11 794624 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-06-27 15:50 . 2009-09-20 11:44 794624 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-06-27 15:50 . 2009-09-30 10:11 135168 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-06-27 15:50 . 2009-09-20 11:44 135168 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-06-27 15:50 . 2009-09-20 11:44 593920 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-06-27 15:50 . 2009-09-30 10:11 593920 c:\windows\Installer\{90110401-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-03-23 02:22 . 2007-03-23 02:22 103264 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
+ 2007-05-10 20:34 . 2007-05-10 20:34 562528 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\PUBCONV.DLL
+ 2007-05-31 20:36 . 2007-05-31 20:36 612184 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\PTXT9.DLL
+ 2007-05-31 20:35 . 2007-05-31 20:35 133976 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\PRTF9.DLL
+ 2007-04-19 20:53 . 2007-04-19 20:53 149856 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\OUTLPH.DLL
+ 2007-05-31 20:42 . 2007-05-31 20:42 200032 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\OUTLOOK.EXE
+ 2007-04-19 20:53 . 2007-04-19 20:53 106336 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL
+ 2007-04-19 20:54 . 2007-04-19 20:54 183136 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\MIMEDIR.DLL
+ 2007-04-19 20:53 . 2007-04-19 20:53 127328 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL
+ 2007-04-19 21:09 . 2007-04-19 21:09 167256 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
+ 2007-04-19 20:53 . 2007-04-19 20:53 137568 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\ENVELOPE.DLL
+ 2003-07-15 10:18 . 2003-07-15 10:18 141360 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.5614\ATP.DLL
+ 2004-08-04 00:57 . 2009-05-26 23:51 2174976 c:\windows\system32\WMVCore.dll
+ 2004-08-04 00:56 . 2009-07-13 09:18 4960256 c:\windows\system32\wmp.dll
+ 2004-08-04 00:56 . 2008-06-11 01:18 1053696 c:\windows\system32\WMNetmgr.dll
+ 2004-08-03 23:17 . 2009-04-17 09:58 1846656 c:\windows\system32\win32k.sys
+ 2004-08-04 00:56 . 2008-07-03 13:16 8454656 c:\windows\system32\shell32.dll
+ 2004-08-04 00:56 . 2008-09-04 16:42 1106944 c:\windows\system32\msxml3.dll
+ 2008-03-21 01:06 . 2009-02-06 19:35 1486208 c:\windows\system32\LegitCheckControl.DLL
+ 2004-08-04 00:57 . 2009-05-26 23:51 2174976 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-04 00:56 . 2009-07-13 09:18 4960256 c:\windows\system32\dllcache\wmp.dll
+ 2004-08-04 00:56 . 2008-06-11 01:18 1053696 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2004-08-03 23:17 . 2009-04-17 09:58 1846656 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-04 00:56 . 2008-07-03 13:16 8454656 c:\windows\system32\dllcache\shell32.dll
+ 2004-08-04 00:56 . 2009-07-18 16:20 1506304 c:\windows\system32\dllcache\shdocvw.dll
+ 2004-08-04 00:56 . 2008-09-04 16:42 1106944 c:\windows\system32\dllcache\msxml3.dll
+ 2009-06-28 00:44 . 2009-07-10 13:42 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2004-08-04 00:56 . 2009-07-18 16:20 3062272 c:\windows\system32\dllcache\mshtml.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 1054208 c:\windows\system32\dllcache\danim.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 1023488 c:\windows\system32\dllcache\browseui.dll
+ 2004-08-04 00:56 . 2009-06-26 16:18 1054208 c:\windows\system32\danim.dll
+ 2009-09-29 20:50 . 2008-03-21 01:06 1480232 c:\windows\LastGood\system32\LegitCheckControl.DLL
+ 2009-04-24 00:57 . 2009-04-24 00:57 7672832 c:\windows\Installer\9c75f.msp
+ 2008-01-14 23:53 . 2008-01-14 23:53 5213696 c:\windows\Installer\36c541.msp
+ 2008-10-25 16:15 . 2008-10-25 16:15 6227456 c:\windows\Installer\34db52.msp
+ 2009-05-01 22:49 . 2009-05-01 22:49 4328960 c:\windows\Installer\3431d99.msp
+ 2009-07-01 20:21 . 2009-07-01 20:21 8891904 c:\windows\Installer\3431d81.msp
+ 2009-05-12 20:01 . 2009-05-12 20:01 6818816 c:\windows\Installer\3431d52.msp
+ 2008-04-01 21:33 . 2008-04-01 21:33 5479936 c:\windows\Installer\2a4361.msp
+ 2008-01-31 17:30 . 2008-01-31 17:30 9947648 c:\windows\Installer\2a4332.msp
+ 2007-05-10 00:19 . 2007-05-10 00:19 2585936 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
+ 2007-05-31 20:35 . 2007-05-31 20:35 6420320 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE
+ 2007-05-10 20:45 . 2007-05-10 20:45 8069464 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\OWC11.DLL
+ 2007-03-14 20:10 . 2007-03-14 20:10 7255384 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\OWC10.DLL
+ 2007-05-31 20:43 . 2007-05-31 20:43 7613280 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\OUTLLIB.DLL
+ 2007-05-10 20:35 . 2007-05-10 20:35 6747480 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\MSPUB.EXE
+ 2009-09-30 10:07 . 2009-08-28 21:38 24689600 c:\windows\system32\MRT.exe
+ 2008-01-14 22:24 . 2008-01-14 22:24 10721280 c:\windows\Installer\9c774.msp
+ 2009-07-01 20:19 . 2009-07-01 20:19 10607104 c:\windows\Installer\3431d82.msp
+ 2008-07-30 15:50 . 2008-07-30 15:50 12506112 c:\windows\Installer\3431d68.msp
+ 2008-06-04 20:29 . 2008-06-04 20:29 16905728 c:\windows\Installer\2a4348.msp
+ 2007-05-31 20:37 . 2007-05-31 20:37 12310368 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE
+ 2007-06-19 00:16 . 2007-06-19 00:16 12259160 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\MSO.DLL
+ 2007-05-31 20:41 . 2007-05-31 20:41 10352472 c:\windows\Installer\$PatchCache$\Managed\1040110900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-27 39408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-27 185896]
"ACU"="c:\program files\Atheros\ACU.exe" [2005-05-31 303104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-09 149280]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-07-03 303376]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-08-03 53248]
"S3Trayp"="S3trayp.exe" - c:\windows\system32\S3Trayp.exe [2006-07-11 176128]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\user\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mobily Connect Card\\Mobily Connect Card.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 06:29 م 33808]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [27/06/2009 05:56 م 13696]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 06:06 م 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 08:59 م 19472]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [14/08/2006 10:51 ص 654848]
.
Contents of the 'Scheduled Tasks' folder
2009-09-30 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-09-30 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = https=a:3
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-restorer32_a - c:\documents and settings\user\restorer32_a.exe
HKCU-Run-mserv - c:\documents and settings\user\Application Data\seres.exe
HKLM-Run-restorer32_a - c:\windows\system32\restorer32_a.exe
HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-09-30 03:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\athgina.dll
c:\windows\system32\athcfg11.dll
c:\windows\system32\athcfg11Res.dll
.
Completion time: 2009-09-30 3:19
ComboFix-quarantined-files.txt 2009-09-30 10:19
ComboFix2.txt 2009-09-28 08:55
Pre-Run: 31,543,205,888 bytes free
Post-Run: 31,526,739,968 bytes free
389 --- E O F --- 2009-09-30 10:12
توقيع : عس عس
تأييد
0
وهذا هايجاك جديد 
k:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:26:55 ص, on 30/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=a:3
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 6631 bytes
k:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:26:55 ص, on 30/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=a:3
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 6631 bytes
توقيع : عس عس
تأييد
0
