ComboFix 11-10-12.04 - user 10/13/2011 3:13.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.1015.479 [GMT 3:00]
Running from: c:\documents and settings\user\My Documents\Downloads\Programs\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\user\Application Data\IDM\idmmzcc3
c:\documents and settings\user\Application Data\IDM\idmmzcc3\chrome.manifest
c:\documents and settings\user\Application Data\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\documents and settings\user\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
c:\documents and settings\user\Application Data\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\documents and settings\user\Application Data\IDM\idmmzcc3\components2\idmhelper.js
c:\documents and settings\user\Application Data\IDM\idmmzcc3\components2\idmhelper2.js
c:\documents and settings\user\Application Data\IDM\idmmzcc3\components2\idmmzcc.dll
c:\documents and settings\user\Application Data\IDM\idmmzcc3\components2\iIDMHelper.xpt
c:\documents and settings\user\Application Data\IDM\idmmzcc3\components2\iIDMHelper2.xpt
c:\documents and settings\user\Application Data\IDM\idmmzcc3\components2\iIDMMzCC.xpt
c:\documents and settings\user\Application Data\IDM\idmmzcc3\install.js
c:\documents and settings\user\Application Data\IDM\idmmzcc3\install.rdf
c:\documents and settings\user\Application Data\IDM\idmmzcc3\META-INF\manifest.mf
c:\documents and settings\user\Application Data\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\documents and settings\user\Application Data\IDM\idmmzcc3\META-INF\zigbert.sf
c:\documents and settings\user\Application Data\Toolbar4
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\affid.dat
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\basis.xml
c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\27c746d432b7a753a0af 8d7c033b46fe c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\36edbd9cd1d972f7b815 c3c429d9e778 c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\384dd5f4dc8eb162d016 6cf3e1983447 c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\43419161128879d147fb 21fd1185d8f7 c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\52b66d6979ef2abcea9a 736d1b4dbc82 c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\64e4586cb76a6d771efd 6aa0dbd47fa6 c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\757a20d7a75ae93435ac 64a6095eab39 c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\7d68a903233acbec65db 87612595c3ac c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\8c235243c3aad8118ee7 ed29f53cb902 c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\8d7129d91fe9f4f63cdc 5db9c5b4ccd4 c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9956734e872eec3ea3e1 7f52e84dc6cc c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\a6f8eb41f8d7d49bf9ac cb840e34d113 c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\b843ee60838c8db512c8 7a29ab597203 c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\ba58480f80c850e9f965 37a2d506cbcf c:\documents and settings\user\Application 
Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\bbd4451cfb304063dfd6 66cc1085169e c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\bbd70e0c6a27130f40bc 8806e5252b76 c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\bc862d949e86a779dddf a76b8fd71438 c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\bdcf0ed363b85538f740 c9b718bf611c c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\c48c9e27c16419ab995d 48b077a802ff c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\c4febd1a585c3ce70660 e8fe92979428 c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\db97ecdde59727f50132 d25b008ece4e c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\dcd16c0f4842bc19d648 b261e3cf263d c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\e4d2dc592e1860231710 24ecfc7104a0 c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\e7325df8b288bf18b950 185166ce1f47 c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\ede2cc6831d0d59cd64a e1ed6a71978a c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\icons.bmp c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files\590d4f27c6ae 6e87b911b421f2534dd6 c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files\5a28af1179f8 1725f2fc620831b4b533 c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\info.txt c:\documents and settings\user\Application 
Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\install.ico c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbback.bmp c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbbigopen.bmp c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbclose.bmp c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbfwd.bmp c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbsep.bmp c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\nav1c.bmp c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\tbcore3.inf c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\TbHelper2.exe c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\uninstall.exe c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\UninstallToolbar.exe c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\update.exe c:\documents and settings\user\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\version.txt c:\program files\AccmeWare DB Toolbar\tbHElper.dll c:\program files\Internet Explorer\SET10.tmp c:\program files\Internet Explorer\SET11.tmp c:\program files\Internet Explorer\SET132.tmp c:\program files\Internet Explorer\SET133.tmp c:\program files\Internet Explorer\SET134.tmp c:\program files\Internet Explorer\SET14.tmp c:\program files\Internet Explorer\SET15.tmp c:\program files\Internet Explorer\SET16.tmp c:\program files\Internet Explorer\SET1B0.tmp c:\program files\Internet Explorer\SET1B1.tmp c:\program files\Internet Explorer\SET1CE.tmp c:\program files\Internet Explorer\SET1CF.tmp c:\program files\Internet 
Explorer\SET1D0.tmp c:\program files\Internet Explorer\SET22D.tmp c:\program files\Internet Explorer\SET22E.tmp c:\program files\Internet Explorer\SET22F.tmp c:\program files\Internet Explorer\SET296.tmp c:\program files\Internet Explorer\SET297.tmp c:\program files\Internet Explorer\SET298.tmp c:\program files\Internet Explorer\SET6.tmp c:\program files\Internet Explorer\SET7.tmp c:\program files\Internet Explorer\SET7D.tmp c:\program files\Internet Explorer\SET7E.tmp c:\program files\Internet Explorer\SET7F.tmp c:\program files\Internet Explorer\SET8.tmp c:\program files\Internet Explorer\SET9.tmp c:\program files\Internet Explorer\SETA.tmp c:\program files\Internet Explorer\SETA6.tmp c:\program files\Internet Explorer\SETA7.tmp c:\program files\Internet Explorer\SETA8.tmp c:\program files\Internet Explorer\SETB.tmp c:\program files\Internet Explorer\SETC.tmp c:\program files\Internet Explorer\SETCD.tmp c:\program files\Internet Explorer\SETCE.tmp c:\program files\Internet Explorer\SETCF.tmp c:\program files\Internet Explorer\SETD.tmp c:\program files\Internet Explorer\SETE.tmp c:\program files\Internet Explorer\SETF.tmp c:\program files\RelevantKnowledge c:\windows\system32\_000005_.tmp.dll c:\windows\system32\spool\prtprocs\w32x8 6\filterpipelineprintproc.dll c:\windows\system32\Thumbs.db . . ((((((((((((((((((((((((( Files Created from 2011-09-13 to 2011-10-13 ))))))))))))))))))))))))))))))) . . 2011-10-12 19:14 . 2011-10-12 19:14 -------- dc----w- c:\windows\LastGood 2011-10-12 19:14 . 2011-08-22 23:41 105984 -c--a-w- c:\windows\system32\SET1A1.tmp 2011-10-12 19:14 . 2011-08-22 23:41 2000384 -c--a-w- c:\windows\system32\SET1AB.tmp 2011-10-12 19:14 . 2011-10-03 08:34 5971456 -c--a-w- c:\windows\system32\SET1A5.tmp 2011-10-12 19:14 . 2011-08-22 23:41 184320 -c----w- c:\windows\system32\SET1AC.tmp 2011-10-12 19:14 . 2011-08-22 23:41 916480 -c--a-w- c:\windows\system32\SET19F.tmp 2011-10-12 19:14 . 
2011-08-22 23:41 1212416 -c--a-w- c:\windows\system32\SET1A0.tmp 2011-10-12 19:14 . 2011-08-22 23:41 602112 -c--a-w- c:\windows\system32\SET1A7.tmp 2011-10-12 19:14 . 2011-08-22 23:41 55296 -c--a-w- c:\windows\system32\SET1A6.tmp 2011-10-11 23:32 . 2011-10-11 23:32 -------- dc----w- c:\documents and settings\user\Application Data\Boilsoft 2011-10-11 23:32 . 2011-10-11 23:32 -------- dc----w- c:\program files\RM to MP3 Converter 2011-10-11 23:27 . 2011-10-11 23:27 -------- dc----w- c:\program files\Common Files\Common Share 2011-10-11 23:27 . 2008-12-18 10:38 719872 -c--a-w- c:\windows\system32\devil.dll 2011-10-11 23:27 . 2008-12-18 10:38 351744 -c--a-w- c:\windows\system32\avisynth.dll 2011-10-11 23:27 . 2008-12-18 10:38 1700352 -c--a-w- c:\windows\system32\gdiplus.dll 2011-10-11 23:27 . 2008-12-18 10:38 1060864 -c--a-w- c:\windows\system32\mfc71.dll 2011-10-11 23:27 . 2011-10-11 23:27 -------- dc----w- c:\program files\OJOsoft 2011-10-11 23:09 . 2011-10-11 23:09 -------- dc----w- c:\documents and settings\user\Application Data\MP3 Cut 2011-10-11 23:08 . 2011-10-11 23:08 -------- dc----w- c:\documents and settings\user\Local Settings\Application Data\Minibar 2011-10-11 23:08 . 2011-10-13 00:18 -------- dc----w- c:\program files\AccmeWare DB Toolbar 2011-10-02 20:08 . 2011-10-02 20:10 -------- dc-h--w- c:\windows\ie8 2011-10-02 18:53 . 2011-08-22 23:41 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2011-10-02 18:53 . 2011-08-22 23:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.d ll 2011-10-02 18:53 . 2011-08-22 23:41 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dl l 2011-10-02 18:53 . 2011-06-21 11:46 13824 -c----w- c:\windows\system32\dllcache\ieudinit.ex e 2011-10-02 18:53 . 2009-03-08 01:11 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dl l 2011-10-02 18:53 . 2011-08-23 14:41 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll 2011-10-02 18:53 . 
2009-03-08 01:31 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll 2011-10-02 17:34 . 2009-02-06 18:07 3698584 -c--a-w- c:\windows\system32\dllcache\ieapfltr.da t 2011-10-02 15:52 . 2011-10-02 15:52 -------- d-----w- c:\windows\system32\wbem\Repository 2011-10-02 13:50 . 2011-10-02 14:15 -------- dc----w- c:\program files\Perfect Uninstaller 2011-10-02 13:17 . 2011-10-02 13:17 -------- dc----w- c:\documents and settings\user\Application Data\Uniblue 2011-10-02 13:17 . 2011-10-02 13:17 -------- dc----w- c:\documents and settings\user\Application Data\BabylonToolbar 2011-10-02 13:17 . 2011-10-02 13:58 -------- dc----w- c:\program files\R4U Soft 2011-10-02 13:17 . 2011-10-02 13:17 -------- dc----w- c:\program files\Babylon 2011-10-02 13:17 . 2011-10-02 13:17 -------- dc----r- C:\AHCache 2011-10-02 11:49 . 2011-10-02 11:49 -------- dc----w- c:\program files\FileHippo.com 2011-10-02 11:39 . 2011-10-02 11:39 -------- dc----w- c:\program files\Topaz Labs 2011-10-02 11:39 . 2011-10-02 11:39 -------- dc----w- c:\program files\Common Files\Topaz Labs 2011-10-02 11:39 . 2011-10-02 11:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83F263BF-0076-4C4C-93DC-A3EA0CEB7184} 2011-10-02 11:39 . 2011-10-02 11:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{13795121-80CF-4D45-9175-8FD79D18EF7E} 2011-10-02 11:39 . 2011-10-02 11:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{C8DF6520-3E59-4590-A678-CB275CEADF10} 2011-10-02 11:39 . 2011-10-02 11:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{682FE305-7958-4875-9B95-34673E7151AD} 2011-10-02 11:39 . 2011-10-02 11:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{529BBEB3-0369-420C-BD9C-37553D289203} 2011-10-02 11:39 . 2011-10-02 11:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E6AF2639-F710-4F5B-8830-95A396FB523F} 2011-10-02 11:39 . 
2011-10-02 11:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{AB404F93-CDCE-40D9-8D4E-8606C84D368C} 2011-10-02 11:39 . 2011-10-02 11:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{8265C354-3D13-4FE5-95C7-65F277FF3041} 2011-10-02 11:39 . 2011-10-02 11:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{6C47B826-5902-49BB-BF6B-68F5716FD827} 2011-10-02 10:24 . 2011-10-02 11:40 -------- dc----w- C:\zwga 2011-10-01 22:13 . 2011-10-01 22:13 -------- dc----w- C:\Intel 2011-10-01 22:07 . 2011-10-01 22:08 -------- dc----w- c:\documents and settings\All Users\Application Data\SweetIM 2011-10-01 22:07 . 2011-10-01 22:07 -------- dc----w- c:\program files\SweetIM 2011-09-26 08:41 . 2011-09-26 08:41 611840 -c--a-w- c:\windows\system32\SET260.tmp 2011-09-26 08:41 . 2011-09-26 08:41 20480 -c--a-w- c:\windows\system32\SET25F.tmp 2011-09-26 08:41 . 2011-09-26 08:41 20480 -c--a-w- c:\windows\system32\dllcache\SET28B.tmp 2011-09-26 08:41 . 2011-09-26 08:41 220160 -c--a-w- c:\windows\system32\SET25E.tmp 2011-09-26 08:41 . 2011-09-26 08:41 220160 -c--a-w- c:\windows\system32\dllcache\SET26B.tmp 2011-09-22 11:56 . 2011-09-22 11:56 -------- dc----w- c:\documents and settings\user\Local Settings\Application Data\Identities 2011-09-15 00:01 . 2010-12-09 15:13 2150400 -c--a-w- c:\windows\system32\KERNEL.TMP 2011-09-14 21:57 . 2011-09-14 21:57 0 -c--a-w- c:\windows\system32\ConduitEngine.tmp 2011-09-14 21:50 . 2011-09-14 21:50 -------- dc----w- c:\program files\themexp.org 2011-09-14 21:47 . 2011-10-02 11:35 -------- dc----w- c:\documents and settings\user\Local Settings\Application Data\Avanquest_EN 2011-09-14 21:47 . 2011-10-02 11:29 -------- dc----w- c:\program files\Avanquest_EN 2011-09-14 21:47 . 2011-09-14 21:47 -------- dc----w- c:\program files\TGTSoft . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))) )))))))))))) . 2011-09-09 09:11 . 
2008-04-15 12:00 598016 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:09 . 2008-04-15 12:00 1858816 -c--a-w- c:\windows\system32\win32k.sys
2011-08-23 14:41 . 2011-08-23 14:41 11081728 -c--a-w- c:\windows\system32\SET1AD.tmp
2011-08-22 23:41 . 2010-03-12 16:57 43520 -c----w- c:\windows\system32\licmgr10.dll
2011-08-22 23:41 . 2010-03-12 16:57 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2010-03-12 16:57 385024 -c----w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2008-04-15 12:00 138496 -c--a-w- c:\windows\system32\drivers\afd.sys
2011-07-15 13:29 . 2008-04-15 12:00 456320 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-03-12 . CA1867A515E40A015BA6D9ADD83FB823 . 1571328 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-11-03 13:41 65632 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-11-10 3265888]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-01 39408]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-01-21 20026472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2011-06-30 198160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
.
c:\documents and settings\user\قائمة ابدأ\البرامج\بدء التشغيل\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-7-1 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.17\\bin\\httpd.exe"=
.
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [30/06/2011 06:58 م 94296]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30/06/2011 10:18 م 136360]
S2 gupdate;خدمة تحديث Google (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/07/2011 03:35 ص 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [30/06/2011 06:51 م 1691480]
S3 gupdatem;خدمة Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [01/07/2011 03:35 ص 135664]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-01 00:35]
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-01 00:35]
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1454471165-1417001333-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-06 00:35]
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1454471165-1417001333-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-06 00:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
mStart Page = hxxp://www.bigseekpro.com/accmeware/{B7939F68-7B6B-461D-B1E8-9B15F0A3A41C}
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-13 03:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{726dafff-6201-489e-b781-31e050643169}]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d6,98,eb,84,12,40,89,c5,e9,1e,62,0f,08,ed,a4,73,d3,59,5b,3c,73,42,90,bc,83,e8,84,ac,24,43,e7,b2,1f,2f,57,1c,a2,41,a0,17,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\wbem\fastprox.dll
.
Completion time: 2011-10-13 03:22:41
ComboFix-quarantined-files.txt 2011-10-13 00:22
.
Pre-Run: 56,407,371,776 bytes free
Post-Run: 56,947,183,616 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E8F07CA610EC4AC9A8BDAAF946ABBA53