منتديات احباب عرب  


Is my computer hacked!!

غربة و شوق
03-13-2012, 12:21 PM

ComboFix 12-03-12.03 - dap 03/13/2012 10:53:36.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1256.965.1033.18.4094.2616 [GMT 3:00]
Running from: c:\users\dap\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\windows\SysWow64\tmp693F.tmp
c:\windows\SysWow64\tmp6950.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-13 08:00 . 2012-03-13 08:08 -------- d-----w- c:\users\dap\AppData\Local\temp
2012-03-13 08:00 . 2012-03-13 08:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-12 23:17 . 2012-03-12 23:17 388096 ----a-r- c:\users\dap\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-12 23:17 . 2012-03-12 23:17 -------- d-----w- c:\program files (x86)\Trend Micro
2012-03-12 21:56 . 2010-02-18 13:49 225280 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-03-12 21:56 . 2010-02-18 11:59 29696 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-03-12 21:53 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{88FE4B3A-4DE5-4EF0-A5C5-0E1055BCB475}\mpengine.dll
2012-03-12 10:08 . 2012-03-12 10:08 -------- d-----w- c:\programdata\Alwil Software
2012-03-11 22:48 . 2012-03-11 22:48 -------- d-----w- c:\users\dap\AppData\Roaming\Malwarebytes
2012-03-11 22:48 . 2012-03-11 22:48 -------- d-----w- c:\programdata\Malwarebytes
2012-03-11 20:02 . 2012-03-11 22:11 -------- d-----w- C:\## aswSnx private storage
2012-03-10 10:08 . 2012-03-12 11:09 -------- d-----w- c:\program files (x86)\Internet Download Manager(8)
2012-03-10 10:08 . 2012-03-10 10:09 -------- d-----w- c:\program files (x86)\Internet Download Manager(7)
2012-03-05 23:04 . 2012-03-12 21:34 -------- d-----w- c:\users\dap\AppData\Roaming\PhotoFiltre Studio X
2012-03-05 23:04 . 2012-03-05 23:05 -------- d-----w- c:\program files (x86)\PhotoFiltre Studio X
2012-03-05 03:34 . 2012-03-05 03:34 -------- d-----w- c:\users\dap\AppData\Roaming\NVIDIA
2012-03-04 00:16 . 2012-03-12 21:44 -------- d-----w- c:\users\UpdatusUser
2012-03-04 00:14 . 2012-03-04 00:14 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-03-04 00:11 . 2012-03-04 00:16 -------- d-----w- c:\program files\NVIDIA Corporation
2012-03-04 00:11 . 2012-03-04 00:11 -------- d-----w- C:\NVIDIA
2012-03-03 11:27 . 2012-03-03 11:27 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2012-03-03 01:11 . 2012-03-03 01:12 -------- d-----w- c:\program files\CCleaner
2012-02-28 08:00 . 2011-12-20 10:56 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-02-28 08:00 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-15 11:09 . 2011-12-14 06:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-15 11:09 . 2011-12-14 03:32 141112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-02-15 11:09 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-15 11:09 . 2011-12-14 07:47 174392 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-02-15 11:09 . 2011-12-14 07:01 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-02-15 11:09 . 2011-12-14 02:54 194048 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2012-02-15 11:07 . 2011-12-14 16:38 621056 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 11:07 . 2012-01-03 14:25 404992 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 11:07 . 2011-12-14 16:17 680448 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-15 11:07 . 2012-01-12 20:16 2765824 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 06:18 . 2011-07-15 06:07 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 13:28 . 2011-07-14 01:43 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-10 04:13 . 2008-09-19 09:51 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-02-10 03:14 . 2009-07-01 23:20 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:14 . 2009-07-01 23:20 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-10 03:07 . 2009-07-01 23:20 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-10 03:07 . 2009-07-01 23:20 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:07 . 2009-07-01 23:20 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-10 03:07 . 2009-07-01 23:20 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-09 17:05 . 2012-02-09 17:05 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-02-03 12:42 . 2012-02-03 12:42 724992 ----a-w- c:\windows\iun6002.exe
2012-01-23 21:37 . 2012-01-23 21:37 0 ---ha-w- c:\users\dap\AppData\Local\BIT2923.tmp
2011-12-20 07:10 . 2012-02-05 06:31 17192 ----a-w- c:\windows\system32\nitrolocalui2.dll
2011-12-20 07:10 . 2012-02-05 06:31 28968 ----a-w- c:\windows\system32\nitrolocalmon2.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}]
2011-12-16 06:55 225584 ----a-w- c:\program files (x86)\BrowserCompanion\jsloader.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2009-11-08 07:55 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}]
2011-12-16 06:55 141104 ----a-w- c:\program files (x86)\BrowserCompanion\updatebhoWin32.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-01-15 09:27 1330480 ----a-w- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-01-15 1330480]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 14:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-10 2153472]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-11-15 3437976]
"Linkury Chrome Smartbar"="c:\users\dap\AppData\Local\Linkury\Application\Smartbar.exe" [2012-01-19 19272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2008-09-02 8105984]
"ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-03-31 266240]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2008-08-20 2705976]
"Browser companion helper"="c:\program files (x86)\BrowserCompanion\BCHelper.exe" [2011-12-16 187696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-11-20 296056]
"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-07 801792]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-01-19 114992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-09 21:16]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-09 21:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2009-11-08 07:55 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2012-01-04 23:02 287048 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 13:52 159744 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 14:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-06-13 6342688]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.zerovb.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\dap\AppData\Roaming\Mozilla\Firefox\Profiles\lvehfvub.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/Result***t.aspx?ctid=CT2545381&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=ar
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/Result***t.aspx?ctid=CT2545381&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(extentions.y2layers.installId, c008da73-e344-44ef-bcc6-d955eab0bd19
FF - user.js: extentions.y2layers.defaultEnableAppsList - BestVideoDownloader,BestVideoDownloader,
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PhotoZoom Pro 2 - c:\program files (x86)\PhotoZoom Pro 2\Uninstall.exe
AddRemove-The First Templar - c:\program files (x86)\Black_Box\The First Templar\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-50994059-4060894014-1678323870-1000_Classes\Wow6432Node\CLSID\{4b998770-3d32-4b98-87ad-235a89cb316b}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000013e
"Therad"=dword:00000001
"MData"=hex(0):73,,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-50994059-4060894014-1678323870-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):b4,82,de,12,10,1c,91,ad,de,e0,b9,d9,43,fb,d3,ae,4d,37,86,5c,2e,
87,67,dc,53,25,55,b5,b7,8e,bd,61,fd,67,53,f4,68,5e,b3,56,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Hotspot Shield\bin\hsswd.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files (x86)\Internet Download Manager\IEMonitor.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2012-03-13 11:13:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-13 08:13
.
Pre-Run: 177,308,454,912 bytes free
Post-Run: 177,095,757,824 bytes free
.
- - End Of File - - 803A92570C1D3B7F96F77141FEFCCCAA

