dR.x3
New Zyzoom member
Hello brothers, a virus is really bugging me.
I want a solution, may God spare you the fire.
The report:
ComboFix 09-03-06.02 - As 03/08/2009 0:00:52.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1256.1.1025.18.1014.353 [GMT 3:00]
Running from: c:\users\As\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated)
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\alexa toolbar
c:\program files\alexa toolbar\uninstall.exe
c:\programdata\whlb32g.dll
c:\users\As\AppData\Roaming\addon.dat
c:\windows\system32\alxres.dll
c:\windows\system32\AlxTB1.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2009-02-07 to 2009-03-07 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 12:29 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-02-20 21:05 --------- d-----w c:\program files\Google
2009-02-20 19:54 --------- d-----w c:\programdata\WindowsSearch
2009-02-16 15:51 --------- d-----w c:\programdata\Microsoft Help
2009-02-11 09:30 174 --sha-w c:\program files\desktop.ini
2009-02-11 09:18 --------- d-----w c:\program files\Windows Sidebar
2009-02-11 09:18 --------- d-----w c:\program files\Windows Photo Gallery
2009-02-11 09:18 --------- d-----w c:\program files\Windows Mail
2009-02-11 09:18 --------- d-----w c:\program files\Windows Journal
2009-02-11 09:18 --------- d-----w c:\program files\Windows Defender
2009-02-11 09:18 --------- d-----w c:\program files\Windows Collaboration
2009-02-11 09:18 --------- d-----w c:\program files\Windows Calendar
2009-02-11 05:56 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-02-11 05:56 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-02-08 21:15 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2009-01-07 20:23 --------- d-----w c:\users\As\AppData\Roaming\AdobeUM
2008-05-02 15:19 39,293 ---h--w c:\users\As\AppData\Roaming\Q.BoyZ .exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [01/18/2008 11:33 PM 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [10/18/2007 11:34 AM 5724184]
"EvidenceEraser"="c:\program files\EvidenceEraser\EvidenceEraser.exe" [03/10/2008 02:16 PM 9012464]
"{9B71D88C-C598-4935-C5D1-43AA4DB90836}"="c:\users\As\AppData\Roaming\Q.BoyZ .exe" [05/02/2008 06:19 PM 39293]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [02/21/2009 12:05 AM 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [01/18/2008 11:33 PM 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM 33648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [11/06/2006 09:02 AM 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [11/06/2006 09:05 AM 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [11/06/2006 09:02 AM 81920]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [12/07/2005 10:57 PM 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [04/13/2006 11:09 AM 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [07/16/2007 06:04 PM 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [07/16/2007 06:10 PM 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 03:43 AM 83608]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [11/30/2006 08:50 AM 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [11/17/2006 01:39 PM 136768]
"EvidenceEraser"="c:\program files\EvidenceEraser\EvidenceEraser.exe" [03/10/2008 02:16 PM 9012464]
"NWEReboot"="" [BU]
c:\users\As\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-06-03 113664]
«©م، ¢¬نïé Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2516365169-3731338611-1293585012-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2A304B3E-4F27-4EEB-9837-43A45E11342F}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6B86C94B-E7BF-4B96-9EDC-34C66FCAF4B2}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{630B06EA-7EF2-4934-AE46-B1C71D50C3EC}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DA02BFE6-B02D-4C5E-9E43-FF99B650629A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1B7A5939-15F2-46FD-B432-E929F70994C6}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{ED5E00DC-A724-4877-AEAE-1B09AB109409}"= UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{9C272549-939B-4F82-B6BA-BA9156D76F5E}"= TCP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{F46D93B5-9DCE-4AE5-BBCC-0C3D8FA5C9B5}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [2007-07-15 240128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecbff96d-4b3d-11dc-a735-806e6f6e6963}]
\shell\AutoRun\command - RavMon.exe
\shell\explore\Command - RavMon.exe -e
\shell\open\Command - RavMon.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 00:04:03
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 03/08/2009 0:06:29
ComboFix-quarantined-files.txt 2009-03-07 21:06:22
Pre-Run: 70,122,369,024 bytes free
Post-Run: 70,111,862,784 bytes free
124 --- E O F --- 2009-03-07 08:31:27
