Zayed Lounges Forum

Zayed Lounges Forum (http://vb.ma7room.com/index.php)
-   Arabic and Foreign Websites and Forums News forum (http://vb.ma7room.com/forumdisplay.php?f=183)
-   -   The computer is slow and hangs + the report (http://vb.ma7room.com/showthread.php?t=629186)

Ma7room.com 10-13-2011 11:10 AM

The computer is slow and hangs + the report
 
ComboFix 11-10-12.04 - user 10/13/2011 3:13.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.1015.479 [GMT 3:00]
Running from: c:\documents and settings\user\My Documents\Downloads\Programs\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\user\Application Data\IDM\idmmzcc3
c:\documents and settings\user\Application Data\IDM\idmmzcc3\chrome.manifest
c:\documents and settings\user\Application Data\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\documents and settings\user\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
c:\documents and settings\user\Application Data\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\documents and settings\user\Application Data\IDM\idmmzcc3\components2\idmhelper.js
c:\documents and settings\user\Application Data\IDM\idmmzcc3\components2\idmhelper2.js
c:\documents and settings\user\Application Data\IDM\idmmzcc3\components2\idmmzcc.dll
c:\documents and settings\user\Application Data\IDM\idmmzcc3\components2\iIDMHelper.xpt
c:\documents and settings\user\Application Data\IDM\idmmzcc3\components2\iIDMHelper2.xpt
c:\documents and settings\user\Application Data\IDM\idmmzcc3\components2\iIDMMzCC.xpt
c:\documents and settings\user\Application Data\IDM\idmmzcc3\install.js
c:\documents and settings\user\Application Data\IDM\idmmzcc3\install.rdf
c:\documents and settings\user\Application Data\IDM\idmmzcc3\META-INF\manifest.mf
c:\documents and settings\user\Application Data\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\documents and settings\user\Application Data\IDM\idmmzcc3\META-INF\zigbert.sf
c:\documents and settings\user\Application Data\Toolbar4
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\affid.dat
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\basis.xml
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\27c746d432b7a753a0af8d7c033b46fe
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\36edbd9cd1d972f7b815c3c429d9e778
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\384dd5f4dc8eb162d0166cf3e1983447
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\43419161128879d147fb21fd1185d8f7
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\52b66d6979ef2abcea9a736d1b4dbc82
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\64e4586cb76a6d771efd6aa0dbd47fa6
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\757a20d7a75ae93435ac64a6095eab39
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\7d68a903233acbec65db87612595c3ac
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\8c235243c3aad8118ee7ed29f53cb902
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\8d7129d91fe9f4f63cdc5db9c5b4ccd4
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9956734e872eec3ea3e17f52e84dc6cc
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\a6f8eb41f8d7d49bf9accb840e34d113
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\b843ee60838c8db512c87a29ab597203
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\ba58480f80c850e9f96537a2d506cbcf
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\bbd4451cfb304063dfd666cc1085169e
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\bbd70e0c6a27130f40bc8806e5252b76
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\bc862d949e86a779dddfa76b8fd71438
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\bdcf0ed363b85538f740c9b718bf611c
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\c48c9e27c16419ab995d48b077a802ff
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\c4febd1a585c3ce70660e8fe92979428
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\db97ecdde59727f50132d25b008ece4e
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\dcd16c0f4842bc19d648b261e3cf263d
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\e4d2dc592e186023171024ecfc7104a0
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\e7325df8b288bf18b950185166ce1f47
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\ede2cc6831d0d59cd64ae1ed6a71978a
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\icons.bmp
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files\590d4f27c6ae6e87b911b421f2534dd6
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files\5a28af1179f81725f2fc620831b4b533
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\info.txt
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\install.ico
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbback.bmp
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbbigopen.bmp
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbclose.bmp
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbfwd.bmp
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbsep.bmp
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\nav1c.bmp
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\tbcore3.inf
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\TbHelper2.exe
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\uninstall.exe
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\UninstallToolbar.exe
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\update.exe
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\version.txt
c:\program files\AccmeWare DB Toolbar\tbHElper.dll
c:\program files\Internet Explorer\SET10.tmp
c:\program files\Internet Explorer\SET11.tmp
c:\program files\Internet Explorer\SET132.tmp
c:\program files\Internet Explorer\SET133.tmp
c:\program files\Internet Explorer\SET134.tmp
c:\program files\Internet Explorer\SET14.tmp
c:\program files\Internet Explorer\SET15.tmp
c:\program files\Internet Explorer\SET16.tmp
c:\program files\Internet Explorer\SET1B0.tmp
c:\program files\Internet Explorer\SET1B1.tmp
c:\program files\Internet Explorer\SET1CE.tmp
c:\program files\Internet Explorer\SET1CF.tmp
c:\program files\Internet Explorer\SET1D0.tmp
c:\program files\Internet Explorer\SET22D.tmp
c:\program files\Internet Explorer\SET22E.tmp
c:\program files\Internet Explorer\SET22F.tmp
c:\program files\Internet Explorer\SET296.tmp
c:\program files\Internet Explorer\SET297.tmp
c:\program files\Internet Explorer\SET298.tmp
c:\program files\Internet Explorer\SET6.tmp
c:\program files\Internet Explorer\SET7.tmp
c:\program files\Internet Explorer\SET7D.tmp
c:\program files\Internet Explorer\SET7E.tmp
c:\program files\Internet Explorer\SET7F.tmp
c:\program files\Internet Explorer\SET8.tmp
c:\program files\Internet Explorer\SET9.tmp
c:\program files\Internet Explorer\SETA.tmp
c:\program files\Internet Explorer\SETA6.tmp
c:\program files\Internet Explorer\SETA7.tmp
c:\program files\Internet Explorer\SETA8.tmp
c:\program files\Internet Explorer\SETB.tmp
c:\program files\Internet Explorer\SETC.tmp
c:\program files\Internet Explorer\SETCD.tmp
c:\program files\Internet Explorer\SETCE.tmp
c:\program files\Internet Explorer\SETCF.tmp
c:\program files\Internet Explorer\SETD.tmp
c:\program files\Internet Explorer\SETE.tmp
c:\program files\Internet Explorer\SETF.tmp
c:\program files\RelevantKnowledge
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-09-13 to 2011-10-13 )))))))))))))))))))))))))))))))
.
.
2011-10-12 19:14 . 2011-10-12 19:14 -------- dc----w- c:\windows\LastGood
2011-10-12 19:14 . 2011-08-22 23:41 105984 -c--a-w- c:\windows\system32\SET1A1.tmp
2011-10-12 19:14 . 2011-08-22 23:41 2000384 -c--a-w- c:\windows\system32\SET1AB.tmp
2011-10-12 19:14 . 2011-10-03 08:34 5971456 -c--a-w- c:\windows\system32\SET1A5.tmp
2011-10-12 19:14 . 2011-08-22 23:41 184320 -c----w- c:\windows\system32\SET1AC.tmp
2011-10-12 19:14 . 2011-08-22 23:41 916480 -c--a-w- c:\windows\system32\SET19F.tmp
2011-10-12 19:14 . 2011-08-22 23:41 1212416 -c--a-w- c:\windows\system32\SET1A0.tmp
2011-10-12 19:14 . 2011-08-22 23:41 602112 -c--a-w- c:\windows\system32\SET1A7.tmp
2011-10-12 19:14 . 2011-08-22 23:41 55296 -c--a-w- c:\windows\system32\SET1A6.tmp
2011-10-11 23:32 . 2011-10-11 23:32 -------- dc----w- c:\documents and settings\user\Application Data\Boilsoft
2011-10-11 23:32 . 2011-10-11 23:32 -------- dc----w- c:\program files\RM to MP3 Converter
2011-10-11 23:27 . 2011-10-11 23:27 -------- dc----w- c:\program files\Common Files\Common Share
2011-10-11 23:27 . 2008-12-18 10:38 719872 -c--a-w- c:\windows\system32\devil.dll
2011-10-11 23:27 . 2008-12-18 10:38 351744 -c--a-w- c:\windows\system32\avisynth.dll
2011-10-11 23:27 . 2008-12-18 10:38 1700352 -c--a-w- c:\windows\system32\gdiplus.dll
2011-10-11 23:27 . 2008-12-18 10:38 1060864 -c--a-w- c:\windows\system32\mfc71.dll
2011-10-11 23:27 . 2011-10-11 23:27 -------- dc----w- c:\program files\OJOsoft
2011-10-11 23:09 . 2011-10-11 23:09 -------- dc----w- c:\documents and settings\user\Application Data\MP3 Cut
2011-10-11 23:08 . 2011-10-11 23:08 -------- dc----w- c:\documents and settings\user\Local Settings\Application Data\Minibar
2011-10-11 23:08 . 2011-10-13 00:18 -------- dc----w- c:\program files\AccmeWare DB Toolbar
2011-10-02 20:08 . 2011-10-02 20:10 -------- dc-h--w- c:\windows\ie8
2011-10-02 18:53 . 2011-08-22 23:41 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-10-02 18:53 . 2011-08-22 23:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-10-02 18:53 . 2011-08-22 23:41 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-10-02 18:53 . 2011-06-21 11:46 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2011-10-02 18:53 . 2009-03-08 01:11 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll
2011-10-02 18:53 . 2011-08-23 14:41 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-10-02 18:53 . 2009-03-08 01:31 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll
2011-10-02 17:34 . 2009-02-06 18:07 3698584 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat
2011-10-02 15:52 . 2011-10-02 15:52 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-02 13:50 . 2011-10-02 14:15 -------- dc----w- c:\program files\Perfect Uninstaller
2011-10-02 13:17 . 2011-10-02 13:17 -------- dc----w- c:\documents and settings\user\Application Data\Uniblue
2011-10-02 13:17 . 2011-10-02 13:17 -------- dc----w- c:\documents and settings\user\Application Data\BabylonToolbar
2011-10-02 13:17 . 2011-10-02 13:58 -------- dc----w- c:\program files\R4U Soft
2011-10-02 13:17 . 2011-10-02 13:17 -------- dc----w- c:\program files\Babylon
2011-10-02 13:17 . 2011-10-02 13:17 -------- dc----r- C:\AHCache
2011-10-02 11:49 . 2011-10-02 11:49 -------- dc----w- c:\program files\FileHippo.com
2011-10-02 11:39 . 2011-10-02 11:39 -------- dc----w- c:\program files\Topaz Labs
2011-10-02 11:39 . 2011-10-02 11:39 -------- dc----w- c:\program files\Common Files\Topaz Labs
2011-10-02 11:39 . 2011-10-02 11:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83F263BF-0076-4C4C-93DC-A3EA0CEB7184}
2011-10-02 11:39 . 2011-10-02 11:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{13795121-80CF-4D45-9175-8FD79D18EF7E}
2011-10-02 11:39 . 2011-10-02 11:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{C8DF6520-3E59-4590-A678-CB275CEADF10}
2011-10-02 11:39 . 2011-10-02 11:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{682FE305-7958-4875-9B95-34673E7151AD}
2011-10-02 11:39 . 2011-10-02 11:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{529BBEB3-0369-420C-BD9C-37553D289203}
2011-10-02 11:39 . 2011-10-02 11:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E6AF2639-F710-4F5B-8830-95A396FB523F}
2011-10-02 11:39 . 2011-10-02 11:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{AB404F93-CDCE-40D9-8D4E-8606C84D368C}
2011-10-02 11:39 . 2011-10-02 11:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{8265C354-3D13-4FE5-95C7-65F277FF3041}
2011-10-02 11:39 . 2011-10-02 11:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{6C47B826-5902-49BB-BF6B-68F5716FD827}
2011-10-02 10:24 . 2011-10-02 11:40 -------- dc----w- C:\zwga
2011-10-01 22:13 . 2011-10-01 22:13 -------- dc----w- C:\Intel
2011-10-01 22:07 . 2011-10-01 22:08 -------- dc----w- c:\documents and settings\All Users\Application Data\SweetIM
2011-10-01 22:07 . 2011-10-01 22:07 -------- dc----w- c:\program files\SweetIM
2011-09-26 08:41 . 2011-09-26 08:41 611840 -c--a-w- c:\windows\system32\SET260.tmp
2011-09-26 08:41 . 2011-09-26 08:41 20480 -c--a-w- c:\windows\system32\SET25F.tmp
2011-09-26 08:41 . 2011-09-26 08:41 20480 -c--a-w- c:\windows\system32\dllcache\SET28B.tmp
2011-09-26 08:41 . 2011-09-26 08:41 220160 -c--a-w- c:\windows\system32\SET25E.tmp
2011-09-26 08:41 . 2011-09-26 08:41 220160 -c--a-w- c:\windows\system32\dllcache\SET26B.tmp
2011-09-22 11:56 . 2011-09-22 11:56 -------- dc----w- c:\documents and settings\user\Local Settings\Application Data\Identities
2011-09-15 00:01 . 2010-12-09 15:13 2150400 -c--a-w- c:\windows\system32\KERNEL.TMP
2011-09-14 21:57 . 2011-09-14 21:57 0 -c--a-w- c:\windows\system32\ConduitEngine.tmp
2011-09-14 21:50 . 2011-09-14 21:50 -------- dc----w- c:\program files\themexp.org
2011-09-14 21:47 . 2011-10-02 11:35 -------- dc----w- c:\documents and settings\user\Local Settings\Application Data\Avanquest_EN
2011-09-14 21:47 . 2011-10-02 11:29 -------- dc----w- c:\program files\Avanquest_EN
2011-09-14 21:47 . 2011-09-14 21:47 -------- dc----w- c:\program files\TGTSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:11 . 2008-04-15 12:00 598016 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:09 . 2008-04-15 12:00 1858816 -c--a-w- c:\windows\system32\win32k.sys
2011-08-23 14:41 . 2011-08-23 14:41 11081728 -c--a-w- c:\windows\system32\SET1AD.tmp
2011-08-22 23:41 . 2010-03-12 16:57 43520 -c----w- c:\windows\system32\licmgr10.dll
2011-08-22 23:41 . 2010-03-12 16:57 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2010-03-12 16:57 385024 -c----w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2008-04-15 12:00 138496 -c--a-w- c:\windows\system32\drivers\afd.sys
2011-07-15 13:29 . 2008-04-15 12:00 456320 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-03-12 . CA1867A515E40A015BA6D9ADD83FB823 . 1571328 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-11-03 13:41 65632 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-11-10 3265888]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-01 39408]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-01-21 20026472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2011-06-30 198160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
.
c:\documents and settings\user\قائمة ابدأ\البرامج\بدء التشغيل\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-7-1 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.17\\bin\\httpd.exe"=
.
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [30/06/2011 06:58 م 94296]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30/06/2011 10:18 م 136360]
S2 gupdate;خدمة تحديث Google (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/07/2011 03:35 ص 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [30/06/2011 06:51 م 1691480]
S3 gupdatem;خدمة Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [01/07/2011 03:35 ص 135664]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-01 00:35]
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-01 00:35]
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1454471165-1417001333-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-06 00:35]
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1454471165-1417001333-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-06 00:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
mStart Page = hxxp://www.bigseekpro.com/accmeware/{B7939F68-7B6B-461D-B1E8-9B15F0A3A41C}
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-13 03:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{726dafff-6201-489e-b781-31e050643169}]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d6,98,eb,84,12,40,89,c5,e9,1e,62,0f,08,ed,a4,73,d3,59,5b,3c,73,
42,90,bc,83,e8,84,ac,24,43,e7,b2,1f,2f,57,1c,a2,41,a0,17,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\wbem\fastprox.dll
.
Completion time: 2011-10-13 03:22:41
ComboFix-quarantined-files.txt 2011-10-13 00:22
.
Pre-Run: 56,407,371,776 bytes free
Post-Run: 56,947,183,616 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E8F07CA610EC4AC9A8BDAAF946ABBA53

