Hi demo, I did what you said, and here is the report:
ComboFix 08-09-20.05 - كمبيوتر هوم 09/21/2008 9:02:35.1 -
FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.264 [GMT 3:00]
Running from: C:\Documents and Settings\كمبيوتر هوم\سطح المكتب\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\كمبيوتر هوم\Application Data\AntiSpywareDAT
C:\Documents and Settings\كمبيوتر هوم\Application Data\AntiSpywareDAT\Blockeds.dat
C:\Documents and Settings\كمبيوتر هوم\Application Data\AntiSpywareDAT\date.dat
C:\Documents and Settings\كمبيوتر هوم\Application Data\AntiSpywareDAT\DirectoryDefinition.dat
C:\Documents and Settings\كمبيوتر هوم\Application Data\AntiSpywareDAT\ENoSignature.dat
C:\Documents and Settings\كمبيوتر هوم\Application Data\AntiSpywareDAT\ExeDefinition.dat
C:\Documents and Settings\كمبيوتر هوم\Application Data\AntiSpywareDAT\FileDefinition.dat
C:\Documents and Settings\كمبيوتر هوم\Application Data\AntiSpywareDAT\RegistryDefinition.dat
C:\Documents and Settings\كمبيوتر هوم\Application Data\AntiSpywareDAT\Safety.dat
C:\Documents and Settings\كمبيوتر هوم\Application Data\rhcngqj0egf9
C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\Antivirus XP 2008
C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\Antivirus XP 2008\Uninstall.lnk
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\blphcjgqj0egf9.scr
C:\WINDOWS\system32\kdbxb.exe
C:\WINDOWS\system32\Memman.vxd
C:\WINDOWS\system32\phcjgqj0egf9.bmp
C:\WINDOWS\system32\setting.ini
C:\WINDOWS\system32\skinboxer43.dll
C:\WINDOWS\Sysvxd.exe
C:\WINDOWS\wiaservb.log
.
((((((((((((((((((((((((( Files Created from 2008-08-21 to 2008-09-21 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 01:20 --------- d-----w C:\Program Files\AdwareSpywareDetective Demo
2008-09-15 00:46 --------- d-----w C:\Program Files\VerbAce Research
2008-09-01 07:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-01 06:28 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-27 03:27 --------- d-----w C:\Program Files\Saree PC Cleaner 2
2008-08-24 02:02 --------- d-----w C:\Program Files\Panda Security
2008-08-22 20:12 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-08-18 18:54 --------- d-----w C:\Program Files\Avira
2008-08-18 18:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-08-15 12:58 1,886 ----a-w C:\WINDOWS\system32\tmp.reg
2008-08-15 12:04 --------- d-----w C:\Program Files\Enigma Software Group
2008-08-14 04:28 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-08-14 04:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-11 23:43 --------- d-----w C:\Program Files\CleanUp!
2008-08-11 02:43 --------- d-----w C:\Program Files\rhcngqj0egf9
2008-07-26 05:34 --------- d-----w C:\Program Files\MultiTranse
2008-07-26 04:14 --------- d-----w C:\Program Files\myBabylon
2008-07-26 04:14 --------- d-----w C:\Program Files\Conduit
2008-07-26 03:24 10 ----a-w C:\WINDOWS\system32\drivers\tmbi.sys
2008-07-19 13:13 1,806,336 ----a-w C:\WINDOWS\system32\AnipUninst1.exe
2008-07-18 18:39 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-06-25 20:14 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-06-24 15:59 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 09:56 PM 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [11/22/2004 08:18 AM 307200]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [08/05/2005 08:35 PM 3092480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/25/2008 11:14 PM 185896]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [06/12/2008 02:28 PM 266497]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/07/2007 07:30 PM 98304]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/03/2004 09:56 PM 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalStart.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\PalStart.lnk
backup=C:\WINDOWS\pss\PalStart.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^كمبيوتر هوم^قائمة ابدأ^البرامج^بدء التشغيل^Reboot.exe]
path=C:\Documents and Settings\كمبيوتر هوم\قائمة ابدأ\البرامج\بدء التشغيل\Reboot.exe
backup=C:\WINDOWS\pss\Reboot.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 08/03/2004 09:56 PM 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firefox Installer]
--a------ 01/13/2007 12:48 AM 88235 C:\Program Files\DivX\Google\Firefox\ffinstaller.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 04/25/2005 05:29 AM 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 04/25/2005 05:32 AM 94208 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 07/09/2001 11:50 AM 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
-ra------ 04/25/2005 05:32 AM 114688 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 09/07/2007 07:30 PM 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 11/02/2004 08:24 PM 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
-ra------ 07/17/2006 10:25 AM 573440 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 06/25/2008 11:14 PM 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 04/02/2003 05:20 AM 12288 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 08/05/2005 08:35 PM 3092480 C:\Program Files\Yahoo!\Messenger\YPager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 06/20/2005 04:42 PM 77824 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Real\\RealPlayer\\REALPLAY.EXE"=
"C:\\WINDOWS\\system32\\regsvr32.exe"=
"C:\\Program Files\\WinRAR\\WinRAR.exe"=
"C:\\WINDOWS\\system32\\verclsid.exe"=
"C:\\WINDOWS\\system32\\notepad.exe"= C:\\WINDOWS\\system32\\NOTEPAD.EXE
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\WINDOWS\\system32\\cleanmgr.exe"=
"C:\\WINDOWS\\NOTEPAD.EXE"=
"C:\\Program Files\\Real_SC\\mediaco.exe"=
"C:\\Program Files\\Ahead\\Nero StartSmart\\NeroStartSmart.exe"=
"C:\\Program Files\\Ahead\\nero\\nero.exe"=
"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avcenter.exe"=
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [06/19/2008 05:24 PM 28544]
S3 RapFile;RapFile;C:\WINDOWS\system32\drivers\RapFile.sys [02/25/2003 07:26 PM 36644]
S3 RapNet;RapNet;C:\WINDOWS\system32\drivers\RapNet.sys [02/25/2003 07:26 PM 24344]
S4 black;black;C:\WINDOWS\system32\drivers\BlackDrv.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa0d9f60-4443-11dd-92a3-0019211d9131}]
\Shell\AutoRun\command - H:\0hct8ybw.bat
\Shell\explore\Command - H:\0hct8ybw.bat
\Shell\open\Command - H:\0hct8ybw.bat
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
ShellIconOverlayIdentifiers-{EA3775F2-28BE-11D3-9C8D-00105A24ED29} - C:\Documents and Settings\كمبيوتر هوم\Local Settings\Temp\IcnOvrly.dll
HKLM-Run-C:\WINDOWS\system32\kdbxb.exe - C:\WINDOWS\system32\kdbxb.exe
HKLM-Run-C:\WINDOWS\system32\kdwza.exe - C:\WINDOWS\system32\kdwza.exe
HKU-Default-Run-Yahoo Messengger - C:\WINDOWS\system32\SSVICHOSST.exe
MSConfigStartUp-nod32kui - C:\Program Files\Eset\nod32kui.exe
MSConfigStartUp-Skype - C:\Program Files\Skype\Phone\Skype.exe
.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-09-21 09:06:09
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
.
**************************************************************************
.
Completion time: 09/21/2008 9:07:47 - machine was rebooted
ComboFix2.txt 2008-08-11 23:50:34
ComboFix-quarantined-files.txt 2008-09-21 06:07:42
Pre-Run: 7,027,834,880 bytes free
Post-Run: 7,049,166,848 bytes free
192 --- E O F --- 2008-08-24 00:56:47
Brother Fares, I did what you said and deleted the values, but the last value is the one that is still there .....