#1
Peace be upon you, brothers. This is a ComboFix report, and I want someone to analyse it for me because my computer is very slow. Please.

ComboFix 12-06-12.03 - Lg 06/13/2012 4:41.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.3003.2571 [GMT 3:00]
Running from: c:\combofix\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
...
Completion time: 2012-06-13 04:59:55 - machine was rebooted