
محروم.كوم 06-13-2012 08:40 AM

ارجوكم ابغى احد يحلل تقرير combofix
 
السلام عليكم

يااخوان تقرير كومبوفكس


هذا التقرير وابغى احد يحلله لي

لانا جهازي بطيء جداااااااااااااااااااااا
تكفووووووووووون


ComboFix 12-06-12.03 - Lg 06/13/2012 4:41.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.3003.2571 [GMT 3:00]
Running from: c:\combofix\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))) )))))))))
.
.
c:\documents and settings\Lg\Application Data\IDM\idmmzcc3
c:\documents and settings\Lg\Application Data\IDM\idmmzcc3\chrome.manifest
c:\documents and settings\Lg\Application Data\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\documents and settings\Lg\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
c:\documents and settings\Lg\Application Data\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\documents and settings\Lg\Application Data\IDM\idmmzcc3\install.js
c:\documents and settings\Lg\Application Data\IDM\idmmzcc3\install.rdf
c:\documents and settings\Lg\Application Data\IDM\idmmzcc3\META-INF\manifest.mf
c:\documents and settings\Lg\Application Data\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\documents and settings\Lg\Application Data\IDM\idmmzcc3\META-INF\zigbert.sf
c:\documents and settings\Lg\WINDOWS
c:\program files\Internet Explorer\SET4DD.tmp
c:\program files\Internet Explorer\SET4DE.tmp
c:\program files\Internet Explorer\SET9.tmp
c:\program files\Internet Explorer\SETA.tmp
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\ea30917390194adc.fb
c:\windows\system32\kakle.dll
c:\windows\system32\SET11.tmp
c:\windows\system32\SET13.tmp
c:\windows\system32\SET14.tmp
c:\windows\system32\SET15.tmp
c:\windows\system32\SET16.tmp
c:\windows\system32\SET17.tmp
c:\windows\system32\SET18.tmp
c:\windows\system32\SET19.tmp
c:\windows\system32\SET1A.tmp
c:\windows\system32\SET1C.tmp
c:\windows\system32\SET1D.tmp
c:\windows\system32\SET1E.tmp
c:\windows\system32\SET20.tmp
c:\windows\system32\SET21.tmp
c:\windows\system32\SET22.tmp
c:\windows\system32\SET23.tmp
c:\windows\system32\SET24.tmp
c:\windows\system32\SET25.tmp
c:\windows\system32\SET26.tmp
c:\windows\system32\SET27.tmp
c:\windows\system32\SET28.tmp
c:\windows\system32\SET29.tmp
c:\windows\system32\SET2A.tmp
c:\windows\system32\SET2B.tmp
c:\windows\system32\SET2C.tmp
c:\windows\system32\SET2D.tmp
c:\windows\system32\SET2E.tmp
c:\windows\system32\SET2F.tmp
c:\windows\system32\SET30.tmp
c:\windows\system32\SET31.tmp
c:\windows\system32\SET32.tmp
c:\windows\system32\SET33.tmp
c:\windows\system32\SET34.tmp
c:\windows\system32\SET35.tmp
c:\windows\system32\SET4E0.tmp
c:\windows\system32\SET4E1.tmp
c:\windows\system32\SET4E2.tmp
c:\windows\system32\SET4E3.tmp
c:\windows\system32\SET4E4.tmp
c:\windows\system32\SET4E5.tmp
c:\windows\system32\SET4E6.tmp
c:\windows\system32\SET4E7.tmp
c:\windows\system32\SET4E8.tmp
c:\windows\system32\SET4E9.tmp
c:\windows\system32\SET4EB.tmp
c:\windows\system32\SET4EC.tmp
c:\windows\system32\SET4ED.tmp
c:\windows\system32\SET4EF.tmp
c:\windows\system32\SET4F0.tmp
c:\windows\system32\SET4F1.tmp
c:\windows\system32\SET4F2.tmp
c:\windows\system32\SET4F3.tmp
c:\windows\system32\SET4F4.tmp
c:\windows\system32\SET4F5.tmp
c:\windows\system32\SET4F6.tmp
c:\windows\system32\SET4F7.tmp
c:\windows\system32\SET4F8.tmp
c:\windows\system32\SET4F9.tmp
c:\windows\system32\SET4FA.tmp
c:\windows\system32\SET4FB.tmp
c:\windows\system32\SET4FC.tmp
c:\windows\system32\SET4FD.tmp
c:\windows\system32\SET4FE.tmp
c:\windows\system32\SET4FF.tmp
c:\windows\system32\SET500.tmp
c:\windows\system32\SET501.tmp
c:\windows\system32\SET502.tmp
c:\windows\system32\SET503.tmp
c:\windows\system32\SET504.tmp
c:\windows\system32\SETF.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))) )))))))))
.
.
-------\Legacy_VCS
-------\Service_Vcs
.
.
((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))
.
.
2012-06-12 13:02 . 2012-06-12 13:02 -------- dc----w- C:\$WIN_NT$.~BT
2012-06-12 11:49 . 2012-06-12 11:49 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FD8F6ACC-896C-4433-820C-AAFA803E66AD}\MpKsl4063c0a4.sys
2012-06-12 11:32 . 2012-05-08 16:40 6737808 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FD8F6ACC-896C-4433-820C-AAFA803E66AD}\mpengine.dll
2012-06-11 08:31 . 2012-06-11 08:31 -------- d-----w- c:\program files\Trend Micro
2012-06-10 18:50 . 2012-06-10 18:50 -------- d-----w- c:\program files\Panda Security
2012-06-10 02:09 . 2009-09-04 14:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-06-10 02:09 . 2008-10-15 03:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-06-10 02:09 . 2007-07-19 15:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2012-06-10 02:08 . 2007-05-16 13:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2012-06-10 00:53 . 2012-06-11 08:06 -------- d-----w- c:\program files\Hotspot Shield
2012-06-03 06:54 . 2012-06-12 13:30 -------- d-----w- c:\program files\FreeTime
2012-05-31 23:01 . 2012-06-03 05:32 -------- d-----w- c:\documents and settings\Lg\Application Data\SimpleTV V03
2012-05-24 01:47 . 2012-05-24 01:47 -------- d-----w- c:\program files\ElcomSoft
2012-05-20 23:59 . 2012-05-20 23:59 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-18 21:54 . 2012-05-21 00:02 11232 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-05-18 21:54 . 2012-05-18 21:54 -------- d-----w- c:\documents and settings\Lg\Local Settings\Application Data\SlimWare Utilities Inc
2012-05-18 04:27 . 2012-05-18 04:27 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit
2012-05-18 03:56 . 2006-06-29 10:07 14048 ------w- c:\windows\system32\spmsg2.dll
2012-05-18 03:37 . 2012-02-23 11:25 21336 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-15 00:51 . 2012-06-12 13:40 -------- d-----w- c:\documents and settings\Lg\Local Settings\Application Data\DFX
2012-05-15 00:50 . 2011-10-14 14:47 174080 ----a-w- c:\windows\system32\dfxmm32.dll
2012-05-15 00:48 . 2012-06-12 13:40 -------- dc----w- c:\documents and settings\All Users\Application Data\DFX
2012-05-15 00:48 . 2012-05-15 00:50 -------- d-----w- c:\program files\Common Files\DFX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))) ))))))))))))
.
2012-05-31 13:21 . 2008-04-14 17:29 598016 ----a-w- c:\windows\system32\crypt32.dll
2012-05-11 14:00 . 2012-04-02 11:46 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-11 14:00 . 2011-06-15 05:14 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 21:27 . 2009-05-25 07:21 1212416 ----a-w- c:\windows\system32\ckll.dll
2012-05-04 21:27 . 2009-05-25 07:21 1245184 ----a-w- c:\windows\system32\bkll.dll
2012-05-04 21:27 . 2009-05-25 07:21 1986560 ----a-w- c:\windows\system32\akll.dll
2012-05-04 21:27 . 2009-05-25 07:21 90112 ----a-w- c:\windows\system32\agsaami.dll
2012-05-04 21:27 . 2009-05-25 07:21 2535424 ----a-w- c:\windows\system32\agsaamj.dll
2012-05-04 21:27 . 2009-05-25 07:21 610304 ----a-w- c:\windows\system32\agsaamg.dll
2012-05-04 21:27 . 2009-05-25 07:21 372736 ----a-w- c:\windows\system32\agsaamc.dll
2012-04-24 00:46 . 2009-01-05 14:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-24 00:46 . 2010-05-31 13:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-19 02:24 . 2012-04-02 13:24 4139680 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-11 13:51 . 2008-04-14 17:07 1862144 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:51 . 2008-04-14 21:12 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:51 . 2008-04-14 17:12 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-26 21:45 . 2012-03-26 21:45 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2012-03-26 21:45 . 2010-03-26 19:07 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-04-25 11:17 . 2011-12-11 11:21 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 11:08 . 2011-09-09 11:24 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))) ))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-05-02 3134896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
.
c:\documents and settings\Administrator.E8006B72C1BE445.000\قائمة ابدأ\البرامج\بدء التشغيل\
setup_9-by mo3th_alhilalclub.lnk - c:\documents and settings\Administrator.E8006B72C1BE445.000\سطح المكتب\Virus Removal Tool\setup_9-by mo3th_alhilalclub\startup.exe [2011-3-3 72208]
.
c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-20 576104]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"IDMan"=c:\program files\Internet Download Manager\IDMan.exe /onboot
"Google Update"="c:\documents and settings\Lg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KeybdUtility"="c:\program files\LG Software\On Screen Display\HotKey.exe"
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Internet Connection Sharing (DNS Server-In)
"67:UDP"= 67:UDP:Internet Connection Sharing (DHCP Server-In)
"1317:UDP"= 1317:UDP:Internet Connection Sharing (DHCP Server-In, DS-Shifted)
"68:UDP"= 68:UDP:Internet Connection Sharing (DHCPv4-In)
"547:UDP"= 547:UDP:Internet Connection Sharing (DHCPv6-In)
"1303:UDP"= 1303:UDP:Internet Connection Sharing (DNS Server-In, DS-Shifted)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 06275392;06275392 Boot Guard Driver;c:\windows\system32\drivers\06275392.sys [03/03/2011 02:57 ص 37392]
R0 40011202;40011202 Boot Guard Driver;c:\windows\system32\drivers\40011202.sys [03/03/2011 12:52 م 37392]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/07/2011 01:14 ص 23120]
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [07/01/2009 11:39 م 20744]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [08/02/2011 08:41 م 691696]
R1 06275391;06275391;c:\windows\system32\drivers\06275391.sys [03/03/2011 02:57 ص 128016]
R1 40011201;40011201;c:\windows\system32\drivers\40011201.sys [03/03/2011 12:52 م 128016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/07/2011 01:14 ص 295248]
R1 setup_9-by mo3th_alhilalclubdrv;setup_9-by mo3th_alhilalclubdrv;c:\windows\system32\drivers\4001120.sys [03/03/2011 12:52 م 315408]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\eappkt.sys [21/09/2011 04:29 م 38144]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [21/05/2010 12:40 ص 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [20/05/2010 11:40 م 539184]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [08/02/2011 06:31 م 110080]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [05/01/2009 06:13 م 156160]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [02/03/2012 07:52 م 966912]
S1 gwrgzuhh;gwrgzuhh;\??\c:\windows\system32\drivers\gwrgzuhh.sys --> c:\windows\system32\drivers\gwrgzuhh.sys [?]
S1 kl2;Kl2;\??\c:\windows\system32\drivers\kl2.sys --> c:\windows\system32\drivers\kl2.sys [?]
S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?]
S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\System32\svchost.exe -k NetSvcs [14/04/2008 08:30 م 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [02/04/2012 02:46 م 257696]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [07/12/2008 12:44 م 30088]
S3 cnnctfy2MP;cnnctfy2MP;c:\windows\system32\DRIVERS\cnnctfy2.sys --> c:\windows\system32\DRIVERS\cnnctfy2.sys [?]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys --> c:\windows\system32\DRIVERS\easytthr.sys [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [02/07/2008 02:58 م 26248]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys --> c:\windows\system32\DRIVERS\klim5.sys [?]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys --> c:\windows\system32\DRIVERS\klmouflt.sys [?]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys --> c:\windows\system32\DRIVERS\RTL8187.sys [?]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [19/05/2012 12:54 ص 11232]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [14/04/2008 08:30 م 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPHLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 14:00]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1343024091-682003330-1003Core.job
- c:\documents and settings\Lg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-07 16:59]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1343024091-682003330-1003UA.job
- c:\documents and settings\Lg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-07 16:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.alnaddy.com/?t=sa&babsrc=HP_ss&mntrId=c02a053600000000000000ffd5128068
IE: ????? ???? ?????? Internet Download Manager
IE: ????? ????? FLV ?????? Internet Download Manager
IE: ????? ?????? Internet Download Manager
IE: E???? ??E?? FLV E?C??E Internet Download Manager
IE: E???? C??? E?C??E Internet Download Manager
IE: E???? E?C??E Internet Download Manager
IE: E???? ??E?? FLV E?C??E Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
IE: E???? C??? E?C??E Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: E???? E?C??E Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\windows\system32\idmmbc.dll
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Lg\Application Data\Mozilla\Firefox\Profiles\8nfus49w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&q=
FF - prefs.js: network.proxy.ftp - 132.72.23.10
FF - prefs.js: network.proxy.ftp_port - 3127
FF - prefs.js: network.proxy.gopher - 132.72.23.10
FF - prefs.js: network.proxy.gopher_port - 3127
FF - prefs.js: network.proxy.socks - 132.72.23.10
FF - prefs.js: network.proxy.socks_port - 3127
FF - prefs.js: network.proxy.ssl - 132.72.23.10
FF - prefs.js: network.proxy.ssl_port - 3127
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
Notify-klogon - (no file)
AddRemove-DFX - c:\program files\DFX\uninstall.exe
.
.
.
**************************************** **********************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-13 04:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************** **********************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5C082286-DD56-6B96-110FABAC317C22E3}\{17077DA0-F2D9-EF48-DBC13F521337D931}\{A783887F-564D-BBBA-662193019693FEBC}*]
"SE4K5INHHR1EDZYY15BVZC6TKG1"=hex:01,00,01,00,00,00,00,00,7e,c3,c3,8e,86,b4,21,
5e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{69446aa7-7eeb-4140-8ad4-7fecc4641958}]
@Denied: (Full) (Everyone)
"Model"=dword:000000e0
"Therad"=dword:00000022
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):97,39,9f,c6,ed,bd,24,ab,70,01,12,0a,d7,da,4d,7a,ce,c7,03,69,c4,
1a,29,7c,5f,e3,23,61,62,0c,76,cd,f9,f4,7c,2c,c5,8e,a4,98,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADCDC452-5950-0BD6-5DEB640DBA321648}\{0A2FAA8F-EDBD-61CA-231081ECE2D6CFC4}\{38D3EADC-5C2C-A096-9079D739DE5BCFA9}*]
"SE4K5INHHR1EDZYY15BVZC6TKG1"=hex:01,00,01,00,00,00,00,00,7e,c3,c3,8e,86,b4,21,
5e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F9E7FB8A-7FC0-F5C6-C2C005BCC6E52A75}\{38D64012-6403-EA81-41E60280EAB79558}\{8D4E630B-001F-4733-DF87B943421629E7}*]
"SE4K5INHHR1EDZYY15BVZC6TKG1"=hex:01,00,01,00,00,00,00,00,7e,c3,c3,8e,86,b4,21,
5e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3168)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************** **********************************
.
Completion time: 2012-06-13 04:59:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-13 01:59
ComboFix2.txt 2011-02-24 00:30
ComboFix3.txt 2010-12-24 10:52
.
Pre-Run: 37,450,186,752 bytes free
Post-Run: 37,606,232,064 bytes free
.
- - End Of File - - 85263D40A8F430AEAF7B699C96106B96

