Posted 05-01-2012, 05:43 PM
#1
محبوب vib
Member ID: 9524 | Joined: 23 - 9 - 2008 | Posts: 7,394

ComboFix report

Peace be upon you. This is a ComboFix report, and I'd like you to tell me how to analyze the report so that I don't have to keep bothering you.
ComboFix 12-04-31.03 - ASUS 05/01/2012 6:45.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1256.966.1025.18.2924.1744 [GMT 3:00]
Running from: c:\users\ASUS\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Net4Switch.ico
c:\program files\Common Files\Net4Switch.ico
c:\windows\10.exe
c:\windows\SysWow64\themeui.dll.tmp
c:\windows\SysWow64\uxtheme.dll.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-01 to 2012-05-01 )))))))))))))))))))))))))))))))
.
.
2012-05-01 03:51 . 2012-05-01 03:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-30 05:29 . 2012-04-30 05:29 -------- d-----w- c:\users\ASUS\.Virtualbox
2012-04-30 05:29 . 2012-04-30 05:31 -------- d-----w- c:\users\ASUS\youwave
2012-04-30 05:29 . 2012-04-30 05:30 -------- d-----w- c:\program files (x86)\YouWave_Android
2012-04-28 09:46 . 2012-04-28 09:46 -------- d-----w- c:\windows\C0E8FE43C35B451DB35FD4BD056D70E7.TMP
2012-04-28 09:13 . 2012-04-28 09:20 -------- d-----w- C:\hsswd
2012-04-28 09:13 . 2012-04-28 09:13 -------- d-----w- C:\hssff
2012-04-28 04:17 . 2012-04-28 04:17 -------- d-----w- c:\programdata\NETGATE
2012-04-28 04:17 . 2012-04-28 04:17 -------- d-----w- c:\program files\NETGATE
2012-04-28 04:15 . 2012-04-28 04:17 -------- d-----w- c:\users\ASUS\AppData\Roaming\GetRightToGo
2012-04-28 04:05 . 2012-04-18 00:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F33E5FEE-9496-4695-8560-FB0AF533D056}\mpengine.dll
2012-04-27 17:35 . 2012-04-27 18:02 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-27 16:09 . 2012-04-27 16:09 -------- d-----w- c:\users\ASUS\AppData\Roaming\Avira
2012-04-27 15:55 . 2012-04-27 15:55 -------- d-----w- c:\programdata\Avira
2012-04-27 15:55 . 2012-04-27 15:55 -------- d-----w- c:\program files (x86)\Avira
2012-04-27 14:12 . 2012-04-29 01:18 -------- d-----w- c:\users\ASUS\DoctorWeb
2012-04-27 08:54 . 2012-04-27 18:02 -------- d-----w- c:\program files (x86)\PhotoshopCS5 AR&EN
2012-04-25 05:24 . 2012-04-23 11:26 154272 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-04-24 19:14 . 2012-04-24 19:14 -------- d-----w- c:\users\ASUS\AppData\Local\ElevatedDiagnostics
2012-04-24 02:54 . 2012-04-24 02:54 -------- d-----w- c:\users\ASUS\AppData\Local\CRE
2012-04-24 02:53 . 2012-04-24 02:53 -------- d-----w- c:\program files (x86)\BrotherSoft_Extreme3
2012-04-22 23:42 . 2012-03-07 00:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-22 23:42 . 2012-03-07 00:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-22 23:42 . 2012-03-07 00:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-22 23:42 . 2012-03-07 00:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-22 23:42 . 2012-03-07 00:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-22 23:42 . 2012-03-07 00:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-22 23:42 . 2012-03-07 00:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-22 23:42 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-22 23:42 . 2012-03-07 00:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-04-22 23:42 . 2012-04-27 18:02 -------- d-----w- c:\programdata\AVAST Software
2012-04-22 23:42 . 2012-04-22 23:42 -------- d-----w- c:\program files\AVAST Software
2012-04-22 23:19 . 2012-04-22 23:19 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-04-22 03:17 . 2012-04-22 03:21 -------- d-----w- c:\program files\CCleaner
2012-04-21 14:12 . 2012-04-21 14:12 -------- d-----w- c:\program files (x86)\Ask.com
2012-04-21 14:11 . 2012-04-21 14:11 -------- d-----w- c:\users\ASUS\AppData\Local\APN
2012-04-16 09:28 . 2012-04-27 18:02 -------- d-----w- c:\users\ASUS\AppData\Roaming\Charles
2012-04-16 09:24 . 2012-04-16 09:24 -------- d-----w- c:\program files (x86)\Charles
2012-04-14 20:48 . 2012-04-14 20:48 -------- d-----w- c:\programdata\hssff
2012-04-14 05:21 . 2012-04-14 05:21 561992 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor11.dll
2012-04-12 06:29 . 2012-04-12 06:29 -------- d-----w- c:\users\ASUS\AppData\Local\ASUS
2012-04-11 22:40 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 22:40 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 22:40 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 22:37 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 22:37 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 22:37 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 22:37 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 22:37 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 22:37 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 22:37 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 19:05 . 2012-04-12 00:07 -------- d-----w- c:\programdata\Trend Micro
2012-04-11 18:53 . 2012-04-11 18:56 -------- d-----w- c:\program files\Trend Micro
2012-04-11 18:52 . 2012-04-11 18:52 3054136 ----a-w- c:\windows\AsScrPro.exe
2012-04-11 18:51 . 2012-04-28 09:48 -------- d-----w- c:\programdata\ASUS
2012-04-11 18:43 . 2012-04-11 18:43 -------- d-----w- C:\eSupport
2012-04-11 18:42 . 2012-04-28 09:34 -------- d-----w- C:\ASUS.DAT
2012-04-11 18:41 . 2001-09-04 23:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-04-11 18:41 . 2001-09-04 23:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-04-11 18:41 . 2001-09-04 23:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-04-11 18:41 . 2001-09-04 23:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-04-11 18:41 . 2006-10-09 16:07 183296 ----a-w- c:\windows\SysWow64\ACEngSvr.exe
2012-04-11 18:40 . 2012-04-28 09:39 -------- d-----w- c:\program files\ASUS
2012-04-11 18:40 . 2010-09-30 07:50 377264 ----a-w- c:\windows\system32\FBAgent.exe
2012-04-11 18:38 . 2012-04-28 09:25 -------- d-----w- c:\program files\P4G
2012-04-09 17:03 . 2012-04-23 03:28 -------- d-----w- c:\users\ASUS\AppData\Roaming\HpUpdate
2012-04-09 17:03 . 2010-11-16 18:24 750440 ----a-w- c:\windows\system32\HPDiscoPM9311.dll
2012-04-09 17:03 . 2012-04-09 17:06 -------- d-----w- c:\programdata\HP
2012-04-09 17:03 . 2012-04-27 18:02 -------- d-----w- c:\program files (x86)\HP
2012-04-09 17:02 . 2012-04-09 17:02 -------- d-----w- c:\users\ASUS\AppData\Local\HP
2012-04-06 07:24 . 2012-04-06 07:24 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-06 06:44 . 2012-04-06 06:44 -------- d-----w- c:\users\ASUS\AppData\Local\Windows Live Writer
2012-04-06 06:44 . 2012-04-06 06:44 -------- d-----w- c:\users\ASUS\AppData\Roaming\Windows Live Writer
2012-04-06 06:03 . 2012-04-06 06:03 -------- d-----w- c:\windows\ar
2012-04-06 05:11 . 2012-04-06 05:11 -------- dc----w- c:\windows\system32\DRVSTORE
2012-04-06 05:11 . 2012-03-08 15:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-04-06 05:06 . 2012-04-06 05:11 -------- d-----w- c:\program files\Windows Live
2012-04-06 05:01 . 2009-09-04 14:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2012-04-06 05:01 . 2009-09-04 14:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2012-04-06 05:01 . 2009-09-04 14:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2012-04-06 05:01 . 2009-09-04 14:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-04-06 04:58 . 2012-04-30 05:41 -------- d-----w- c:\users\ASUS\AppData\Local\Windows Live
2012-04-05 15:35 . 2012-04-27 08:56 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-04-05 15:31 . 2012-04-27 18:02 -------- d-----w- c:\program files\Common Files\Adobe
2012-04-05 14:06 . 2012-04-05 14:06 -------- d-----w- c:\users\ASUS\AppData\Local\TechSmith
2012-04-05 14:05 . 2012-04-05 14:05 -------- d-----w- c:\windows\SysWow64\QuickTime
2012-04-05 14:04 . 2012-04-27 18:02 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared
2012-04-05 14:04 . 2012-04-27 18:02 -------- d-----w- c:\programdata\TechSmith
2012-04-05 14:04 . 2012-04-27 18:02 -------- d-----w- c:\program files (x86)\TechSmith
2012-04-05 13:24 . 2012-04-05 13:24 -------- d-----w- c:\program files (x86)\BabylonToolbar
2012-04-05 13:23 . 2012-04-05 13:23 -------- d-----w- c:\users\ASUS\AppData\Local\Babylon
2012-04-05 13:23 . 2012-04-05 13:23 -------- d-----w- c:\users\ASUS\AppData\Roaming\Babylon
2012-04-05 13:23 . 2012-04-05 13:23 -------- d-----w- c:\programdata\Babylon
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\nppdf32.dll
2012-04-02 07:15 . 2012-04-02 07:15 -------- d-----w- c:\users\ASUS\AppData\Roaming\RealNetworks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 23:14 . 2012-03-31 16:05 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-14 23:14 . 2012-03-08 13:59 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-14 23:13 . 2012-03-31 16:14 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-06 05:06 . 2011-03-28 15:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-25 11:11 . 2012-03-25 11:11 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-03-25 11:11 . 2012-03-25 11:11 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-03-17 02:06 . 2010-11-21 03:23 2851840 ----a-w- c:\windows\system32\themeui.dll
2012-03-17 02:06 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2012-03-17 01:55 . 2012-03-17 01:55 332288 ----a-w- c:\windows\system32\uxtheme.dll.tmp
2012-03-17 01:55 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2012-03-14 02:42 . 2012-03-14 02:42 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-14 02:42 . 2012-03-14 02:42 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-14 02:42 . 2012-03-14 02:42 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-14 02:42 . 2012-03-14 02:42 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-14 02:42 . 2012-03-14 02:42 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-14 02:42 . 2012-03-14 02:42 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-14 02:42 . 2012-03-14 02:42 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-14 02:42 . 2012-03-14 02:42 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-14 02:42 . 2012-03-14 02:42 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-14 02:42 . 2012-03-14 02:42 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-14 02:42 . 2012-03-14 02:42 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-14 02:42 . 2012-03-14 02:42 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-14 02:42 . 2012-03-14 02:42 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-14 02:42 . 2012-03-14 02:42 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-14 02:42 . 2012-03-14 02:42 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-14 02:42 . 2012-03-14 02:42 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-14 02:42 . 2012-03-14 02:42 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-14 02:42 . 2012-03-14 02:42 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-14 02:42 . 2012-03-14 02:42 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-14 02:42 . 2012-03-14 02:42 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-14 02:42 . 2012-03-14 02:42 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-14 02:42 . 2012-03-14 02:42 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-14 02:42 . 2012-03-14 02:42 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-14 02:42 . 2012-03-14 02:42 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-14 02:42 . 2012-03-14 02:42 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-14 02:42 . 2012-03-14 02:42 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-14 02:42 . 2012-03-14 02:42 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-14 02:42 . 2012-03-14 02:42 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-14 02:42 . 2012-03-14 02:42 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-14 02:42 . 2012-03-14 02:42 448512 ----a-w- c:\windows\system32\html.iec
2012-03-14 02:42 . 2012-03-14 02:42 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-14 02:42 . 2012-03-14 02:42 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-14 02:42 . 2012-03-14 02:42 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-14 02:42 . 2012-03-14 02:42 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-08 15:50 . 2012-03-08 15:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 15:37 . 2012-03-08 15:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-08 14:28 . 2012-03-08 14:28 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-08 14:09 . 2012-03-08 14:09 172032 ------w- c:\windows\Setup1.exe
2012-03-08 14:09 . 2012-03-08 14:09 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-02-23 07:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-13 19:14 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 19:14 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 19:14 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 19:14 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-13 19:18 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 19:18 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 08:02 . 2012-02-07 08:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-13 19:18 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
"{62d40876-df18-411f-9d34-a9dd7a197bc5}"= "c:\program files (x86)\BrotherSoft_Extreme3\prxtbBrot.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{62d40876-df18-411f-9d34-a9dd7a197bc5}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{62d40876-df18-411f-9d34-a9dd7a197bc5}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\BrotherSoft_Extreme3\prxtbBrot.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-04-09 14:43 1519272 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
"{62d40876-df18-411f-9d34-a9dd7a197bc5}"= "c:\program files (x86)\BrotherSoft_Extreme3\prxtbBrot.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{62d40876-df18-411f-9d34-a9dd7a197bc5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-03-25 296056]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-04-09 1557160]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2011-09-28 1039872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-3-11 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-11 1083680]
*******.lnk - c:\windows\iOS Skin Pack\Tools\*******.cmd [N/A]
RocketDock.lnk - c:\windows\iOS Skin Pack\RocketDock\RocketDock.exe [N/A]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2012-3-8 156952]
UberIcon.lnk - c:\windows\iOS Skin Pack\UberIcon\UberIcon.exe [N/A]
YzShadow.lnk - c:\windows\iOS Skin Pack\YzShadow\YzShadow.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;خدمة Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-04-06 624856]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S2 VBoxDrv;VBox Support Driver;c:\program files (x86)\YouWave_Android\vb\VBoxDrv.sys [2011-11-20 202592]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;صوت الشاشة من Intel(R);c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:14]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1321684410-2863301829-396100640-1000Core.job
- c:\users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-29 02:54]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1321684410-2863301829-396100640-1000UA.job
- c:\users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-29 02:54]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2012-04-02 18:47 287048 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-09-03 444856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3205709
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files (x86)\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{5868BEAD-7EED-4974-9403-0D31214F525B}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\jwtepfvp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3205709&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BrotherSoft Extreme3 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3205709&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3205709&SearchSource=2&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110144&tt=050412_30b
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 3000c4b800000000000000fff2bfb9ca
FF - user.js: extensions.BabylonToolbar_i.hardId - 3000c4b800000000000000fff2bfb9ca
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15435
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:24
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{e9df9360-97f8-4690-afe6-996c80790da4} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{62D40876-DF18-411F-9D34-A9DD7A197BC5} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-{DF8241A3-B956-36B2-9898-42D53C3B3A46}.KB2518870 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2518870 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2572078 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2633870 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-01 06 38
ComboFix-quarantined-files.txt 2012-05-01 03:53
.
Pre-Run: 59,851,649,024 bytes free
Post-Run: 59,595,702,272 bytes free
.
- - End Of File - - 27D3025D1709D4CC51A40D94420BCBC7