Peace be upon you.
Brothers, a ComboFix report.
This is the report and I want someone to analyze it for me,
because my computer is veryyyyyy slow.
Pleeeease.
ComboFix 12-06-12.03 - Lg 06/13/2012 4:41.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.3003.2571 [GMT 3:00]
Running from: c:\combofix\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Lg\Application Data\IDM\idmmzcc3
c:\documents and settings\Lg\Application Data\IDM\idmmzcc3\chrome.manifest
c:\documents and settings\Lg\Application Data\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\documents and settings\Lg\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
c:\documents and settings\Lg\Application Data\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\documents and settings\Lg\Application Data\IDM\idmmzcc3\install.js
c:\documents and settings\Lg\Application Data\IDM\idmmzcc3\install.rdf
c:\documents and settings\Lg\Application Data\IDM\idmmzcc3\META-INF\manifest.mf
c:\documents and settings\Lg\Application Data\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\documents and settings\Lg\Application Data\IDM\idmmzcc3\META-INF\zigbert.sf
c:\documents and settings\Lg\WINDOWS
c:\program files\Internet Explorer\SET4DD.tmp
c:\program files\Internet Explorer\SET4DE.tmp
c:\program files\Internet Explorer\SET9.tmp
c:\program files\Internet Explorer\SETA.tmp
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\ea30917390194adc.fb
c:\windows\system32\kakle.dll
c:\windows\system32\SET11.tmp
c:\windows\system32\SET13.tmp
c:\windows\system32\SET14.tmp
c:\windows\system32\SET15.tmp
c:\windows\system32\SET16.tmp
c:\windows\system32\SET17.tmp
c:\windows\system32\SET18.tmp
c:\windows\system32\SET19.tmp
c:\windows\system32\SET1A.tmp
c:\windows\system32\SET1C.tmp
c:\windows\system32\SET1D.tmp
c:\windows\system32\SET1E.tmp
c:\windows\system32\SET20.tmp
c:\windows\system32\SET21.tmp
c:\windows\system32\SET22.tmp
c:\windows\system32\SET23.tmp
c:\windows\system32\SET24.tmp
c:\windows\system32\SET25.tmp
c:\windows\system32\SET26.tmp
c:\windows\system32\SET27.tmp
c:\windows\system32\SET28.tmp
c:\windows\system32\SET29.tmp
c:\windows\system32\SET2A.tmp
c:\windows\system32\SET2B.tmp
c:\windows\system32\SET2C.tmp
c:\windows\system32\SET2D.tmp
c:\windows\system32\SET2E.tmp
c:\windows\system32\SET2F.tmp
c:\windows\system32\SET30.tmp
c:\windows\system32\SET31.tmp
c:\windows\system32\SET32.tmp
c:\windows\system32\SET33.tmp
c:\windows\system32\SET34.tmp
c:\windows\system32\SET35.tmp
c:\windows\system32\SET4E0.tmp
c:\windows\system32\SET4E1.tmp
c:\windows\system32\SET4E2.tmp
c:\windows\system32\SET4E3.tmp
c:\windows\system32\SET4E4.tmp
c:\windows\system32\SET4E5.tmp
c:\windows\system32\SET4E6.tmp
c:\windows\system32\SET4E7.tmp
c:\windows\system32\SET4E8.tmp
c:\windows\system32\SET4E9.tmp
c:\windows\system32\SET4EB.tmp
c:\windows\system32\SET4EC.tmp
c:\windows\system32\SET4ED.tmp
c:\windows\system32\SET4EF.tmp
c:\windows\system32\SET4F0.tmp
c:\windows\system32\SET4F1.tmp
c:\windows\system32\SET4F2.tmp
c:\windows\system32\SET4F3.tmp
c:\windows\system32\SET4F4.tmp
c:\windows\system32\SET4F5.tmp
c:\windows\system32\SET4F6.tmp
c:\windows\system32\SET4F7.tmp
c:\windows\system32\SET4F8.tmp
c:\windows\system32\SET4F9.tmp
c:\windows\system32\SET4FA.tmp
c:\windows\system32\SET4FB.tmp
c:\windows\system32\SET4FC.tmp
c:\windows\system32\SET4FD.tmp
c:\windows\system32\SET4FE.tmp
c:\windows\system32\SET4FF.tmp
c:\windows\system32\SET500.tmp
c:\windows\system32\SET501.tmp
c:\windows\system32\SET502.tmp
c:\windows\system32\SET503.tmp
c:\windows\system32\SET504.tmp
c:\windows\system32\SETF.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_VCS
-------\Service_Vcs
.
.
((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))
.
.
2012-06-12 13:02 . 2012-06-12 13:02 -------- dc----w- C:\$WIN_NT$.~BT
2012-06-12 11:49 . 2012-06-12 11:49 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FD8F6ACC-896C-4433-820C-AAFA803E66AD}\MpKsl4063c0a4.sys
2012-06-12 11:32 . 2012-05-08 16:40 6737808 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FD8F6ACC-896C-4433-820C-AAFA803E66AD}\mpengine.dll
2012-06-11 08:31 . 2012-06-11 08:31 -------- d-----w- c:\program files\Trend Micro
2012-06-10 18:50 . 2012-06-10 18:50 -------- d-----w- c:\program files\Panda Security
2012-06-10 02:09 . 2009-09-04 14:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-06-10 02:09 . 2008-10-15 03:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-06-10 02:09 . 2007-07-19 15:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2012-06-10 02:08 . 2007-05-16 13:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2012-06-10 00:53 . 2012-06-11 08:06 -------- d-----w- c:\program files\Hotspot Shield
2012-06-03 06:54 . 2012-06-12 13:30 -------- d-----w- c:\program files\FreeTime
2012-05-31 23:01 . 2012-06-03 05:32 -------- d-----w- c:\documents and settings\Lg\Application Data\SimpleTV V03
2012-05-24 01:47 . 2012-05-24 01:47 -------- d-----w- c:\program files\ElcomSoft
2012-05-20 23:59 . 2012-05-20 23:59 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-18 21:54 . 2012-05-21 00:02 11232 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-05-18 21:54 . 2012-05-18 21:54 -------- d-----w- c:\documents and settings\Lg\Local Settings\Application Data\SlimWare Utilities Inc
2012-05-18 04:27 . 2012-05-18 04:27 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit
2012-05-18 03:56 . 2006-06-29 10:07 14048 ------w- c:\windows\system32\spmsg2.dll
2012-05-18 03:37 . 2012-02-23 11:25 21336 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-15 00:51 . 2012-06-12 13:40 -------- d-----w- c:\documents and settings\Lg\Local Settings\Application Data\DFX
2012-05-15 00:50 . 2011-10-14 14:47 174080 ----a-w- c:\windows\system32\dfxmm32.dll
2012-05-15 00:48 . 2012-06-12 13:40 -------- dc----w- c:\documents and settings\All Users\Application Data\DFX
2012-05-15 00:48 . 2012-05-15 00:50 -------- d-----w- c:\program files\Common Files\DFX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:21 . 2008-04-14 17:29 598016 ----a-w- c:\windows\system32\crypt32.dll
2012-05-11 14:00 . 2012-04-02 11:46 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-11 14:00 . 2011-06-15 05:14 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 21:27 . 2009-05-25 07:21 1212416 ----a-w- c:\windows\system32\ckll.dll
2012-05-04 21:27 . 2009-05-25 07:21 1245184 ----a-w- c:\windows\system32\bkll.dll
2012-05-04 21:27 . 2009-05-25 07:21 1986560 ----a-w- c:\windows\system32\akll.dll
2012-05-04 21:27 . 2009-05-25 07:21 90112 ----a-w- c:\windows\system32\agsaami.dll
2012-05-04 21:27 . 2009-05-25 07:21 2535424 ----a-w- c:\windows\system32\agsaamj.dll
2012-05-04 21:27 . 2009-05-25 07:21 610304 ----a-w- c:\windows\system32\agsaamg.dll
2012-05-04 21:27 . 2009-05-25 07:21 372736 ----a-w- c:\windows\system32\agsaamc.dll
2012-04-24 00:46 . 2009-01-05 14:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-24 00:46 . 2010-05-31 13:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-19 02:24 . 2012-04-02 13:24 4139680 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-11 13:51 . 2008-04-14 17:07 1862144 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:51 . 2008-04-14 21:12 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:51 . 2008-04-14 17:12 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-26 21:45 . 2012-03-26 21:45 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2012-03-26 21:45 . 2010-03-26 19:07 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-04-25 11:17 . 2011-12-11 11:21 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 11:08 . 2011-09-09 11:24 24376 ----a-w- c:\program files\mozilla firefox\components\******ff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-05-02 3134896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
.
c:\documents and settings\Administrator.E8006B72C1BE445.000\قائمة ابدأ\البرامج\بدء التشغيل\
setup_9-by mo3th_alhilalclub.lnk - c:\documents and settings\Administrator.E8006B72C1BE445.000\سطح المكتب\Virus Removal Tool\setup_9-by mo3th_alhilalclub\startup.exe [2011-3-3 72208]
.
c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-20 576104]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"IDMan"=c:\program files\Internet Download Manager\IDMan.exe /onboot
"Google Update"="c:\documents and settings\Lg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KeybdUtility"="c:\program files\LG Software\On Screen Display\HotKey.exe"
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Internet Connection Sharing (DNS Server-In)
"67:UDP"= 67:UDP:Internet Connection Sharing (DHCP Server-In)
"1317:UDP"= 1317:UDP:Internet Connection Sharing (DHCP Server-In, DS-Shifted)
"68:UDP"= 68:UDP:Internet Connection Sharing (DHCPv4-In)
"547:UDP"= 547:UDP:Internet Connection Sharing (DHCPv6-In)
"1303:UDP"= 1303:UDP:Internet Connection Sharing (DNS Server-In, DS-Shifted)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 06275392;06275392 Boot Guard Driver;c:\windows\system32\drivers\06275392.sys [03/03/2011 02:57 ص 37392]
R0 40011202;40011202 Boot Guard Driver;c:\windows\system32\drivers\40011202.sys [03/03/2011 12:52 م 37392]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/07/2011 01:14 ص 23120]
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [07/01/2009 11:39 م 20744]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [08/02/2011 08:41 م 691696]
R1 06275391;06275391;c:\windows\system32\drivers\06275391.sys [03/03/2011 02:57 ص 128016]
R1 40011201;40011201;c:\windows\system32\drivers\40011201.sys [03/03/2011 12:52 م 128016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/07/2011 01:14 ص 295248]
R1 setup_9-by mo3th_alhilalclubdrv;setup_9-by mo3th_alhilalclubdrv;c:\windows\system32\drivers\4001120.sys [03/03/2011 12:52 م 315408]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\eappkt.sys [21/09/2011 04:29 م 38144]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [21/05/2010 12:40 ص 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [20/05/2010 11:40 م 539184]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [08/02/2011 06:31 م 110080]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [05/01/2009 06:13 م 156160]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [02/03/2012 07:52 م 966912]
S1 gwrgzuhh;gwrgzuhh;\??\c:\windows\system32\drivers\gwrgzuhh.sys --> c:\windows\system32\drivers\gwrgzuhh.sys [?]
S1 kl2;Kl2;\??\c:\windows\system32\drivers\kl2.sys --> c:\windows\system32\drivers\kl2.sys [?]
S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?]
S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\System32\svchost.exe -k NetSvcs [14/04/2008 08:30 م 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [02/04/2012 02:46 م 257696]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [07/12/2008 12:44 م 30088]
S3 cnnctfy2MP;cnnctfy2MP;c:\windows\system32\DRIVERS\cnnctfy2.sys --> c:\windows\system32\DRIVERS\cnnctfy2.sys [?]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys --> c:\windows\system32\DRIVERS\easytthr.sys [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [02/07/2008 02:58 م 26248]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys --> c:\windows\system32\DRIVERS\klim5.sys [?]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys --> c:\windows\system32\DRIVERS\klmouflt.sys [?]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys --> c:\windows\system32\DRIVERS\RTL8187.sys [?]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [19/05/2012 12:54 ص 11232]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [14/04/2008 08:30 م 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPHLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 14:00]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1343024091-682003330-1003Core.job
- c:\documents and settings\Lg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-07 16:59]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1343024091-682003330-1003UA.job
- c:\documents and settings\Lg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-07 16:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.alnaddy.com/?t=sa&babsrc=HP_ss&mntrId=c02a053600000000000000ffd5128068
IE: تحميل الكل بواسطة Internet Download Manager
IE: تحميل محتوى FLV بواسطة Internet Download Manager
IE: تحميل بواسطة Internet Download Manager
IE: تحميل محتوى FLV بواسطة Internet Download Manager
IE: تحميل الكل بواسطة Internet Download Manager
IE: تحميل بواسطة Internet Download Manager
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\windows\system32\idmmbc.dll
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Lg\Application Data\Mozilla\Firefox\Profiles\8nfus49w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&q=
FF - prefs.js: network.proxy.ftp - 132.72.23.10
FF - prefs.js: network.proxy.ftp_port - 3127
FF - prefs.js: network.proxy.gopher - 132.72.23.10
FF - prefs.js: network.proxy.gopher_port - 3127
FF - prefs.js: network.proxy.socks - 132.72.23.10
FF - prefs.js: network.proxy.socks_port - 3127
FF - prefs.js: network.proxy.ssl - 132.72.23.10
FF - prefs.js: network.proxy.ssl_port - 3127
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
Notify-klogon - (no file)
AddRemove-DFX - c:\program files\DFX\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2012-06-13 04:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5C082286-DD56-6B96-110FABAC317C22E3}\{17077DA0-F2D9-EF48-DBC13F521337D931}\{A783887F-564D-BBBA-662193019693FEBC}*]
"SE4K5INHHR1EDZYY15BVZC6TKG1"=hex:01,00,01,00,00,00,00,00,7e,c3,c3,8e,86,b4,21,
5e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{69446aa7-7eeb-4140-8ad4-7fecc4641958}]
@Denied: (Full) (Everyone)
"Model"=dword:000000e0
"Therad"=dword:00000022
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):97,39,9f,c6,ed,bd,24,ab,70,01,12,0a,d7,da,4d,7a,ce,c7,03,69,c4,
1a,29,7c,5f,e3,23,61,62,0c,76,cd,f9,f4,7c,2c,c5,8e,a4,98,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ADCDC452-5950-0BD6-5DEB640DBA321648}\{0A2FAA8F-EDBD-61CA-231081ECE2D6CFC4}\{38D3EADC-5C2C-A096-9079D739DE5BCFA9}*]
"SE4K5INHHR1EDZYY15BVZC6TKG1"=hex:01,00,01,00,00,00,00,00,7e,c3,c3,8e,86,b4,21,
5e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F9E7FB8A-7FC0-F5C6-C2C005BCC6E52A75}\{38D64012-6403-EA81-41E60280EAB79558}\{8D4E630B-001F-4733-DF87B943421629E7}*]
"SE4K5INHHR1EDZYY15BVZC6TKG1"=hex:01,00,01,00,00,00,00,00,7e,c3,c3,8e,86,b4,21,
5e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3168)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Completion time: 2012-06-13 04:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-13 01:59
ComboFix2.txt 2011-02-24 00:30
ComboFix3.txt 2010-12-24 10:52
.
Pre-Run: 37,450,186,752 bytes free
Post-Run: 37,606,232,064 bytes free
.
- - End Of File - - 85263D40A8F430AEAF7B699C96106B96