This is the report from the first program, ComboFix:
ComboFix 08-10-01.06 - alyami 2008-10-02 20:28:03.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1256.966.1033.18.1047 [GMT 3:00]
Running from: C:\Users\alyami\Desktop\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\alyami\AppData\Roaming\addon.dat
C:\Users\alyami\AppData\Roaming\Microsoft\Windows\Cookies\alyami@ad.yieldmanager[1].txt
.
((((((((((((((((((((((((( Files Created from 2008-09-02 to 2008-10-02 )))))))))))))))))))))))))))))))
.
2008-10-02 20:24 . 2008-10-02 20:25 <DIR> d-------- C:\32788R22FWJFW
2008-09-19 20:36 . 2008-09-19 20:36 <DIR> d-------- C:\Program Files\Intel
2008-09-10 19:25 . 2008-07-31 04:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 19:25 . 2008-07-31 06:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-10 19:24 . 2008-06-26 06:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 19:24 . 2008-06-26 06:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 19:23 . 2008-08-02 04:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 19:23 . 2008-05-08 22:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 19:23 . 2008-05-20 05:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 19:23 . 2008-06-26 06:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 19:23 . 2008-08-02 06:26 36,864 --a------ C:\Windows\System32\cdd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 17:16 --------- d-----w C:\Users\alyami\AppData\Roaming\Skype
2008-10-02 17:00 --------- d-----w C:\Users\alyami\AppData\Roaming\skypePM
2008-10-02 16:44 27,934 ----a-w C:\Users\All Users\nvModes.dat
2008-10-02 16:44 27,934 ----a-w C:\ProgramData\nvModes.dat
2008-10-02 03:09 --------- d-----w C:\ProgramData\Google Updater
2008-09-25 04:26 --------- d-----w C:\Users\alyami\AppData\Roaming\Paltalk
2008-09-10 01:59 --------- d-----w C:\Program Files\Athan
2008-09-10 01:48 737,280 ----a-w C:\Windows\iun6002.exe
2008-09-10 00:07 --------- d-----w C:\Program Files\Paltalk Messenger
2008-09-08 21:36 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-25 16:01 --------- d-----w C:\Program Files\Winamp
2008-08-25 15:54 --------- d-----w C:\Program Files\DivX
2008-08-25 15:35 --------- d---a-w C:\Users\alyami\AppData\Roaming\Intel
2008-08-25 15:35 --------- d-----w C:\ProgramData\Roaming
2008-08-25 15:34 --------- d-----w C:\ProgramData\Intel
2008-08-21 01:40 --------- d-----w C:\Users\alyami\AppData\Roaming\Media Player Classic
2008-08-21 01:39 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-19 01:25 --------- d---a-w C:\Users\alyami\AppData\Roaming\oovooToolbar
2008-08-19 01:25 --------- d-----w C:\Program Files\oovooToolbar
2008-08-19 01:24 --------- d-----w C:\Program Files\ooVoo
2008-08-18 19:10 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-18 18:55 --------- d-----w C:\ProgramData\Nokia
2008-08-18 18:18 --------- d-----w C:\ProgramData\Installations
2008-08-14 00:05 --------- d-----w C:\Program Files\Windows Mail
2008-08-12 14:12 --------- d-----w C:\Program Files\Common Files\xing shared
2008-08-12 14:11 --------- d-----w C:\Program Files\Real
2008-08-12 14:11 --------- d-----w C:\Program Files\Common Files\Real
2008-08-12 13:26 --------- d-----w C:\Program Files\Google
2008-08-12 02:38 --------- d-----w C:\Program Files\alahli_sa
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 19:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:39 586,240 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-18 17:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-05-19 21:21 174 --sha-w C:\Program Files\desktop.ini
2008-05-14 00:55 27,430 ----a-w C:\Users\alyami\AppData\Roaming\nvModes.dat
2008-05-12 18:25 56 ---ha-w C:\Users\All Users\ezsidmv.dat
2008-05-12 18:25 56 ---ha-w C:\ProgramData\ezsidmv.dat
2008-05-11 17:13 76 --sh--r C:\Windows\CT4CET.bin
2008-05-25 03:05 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-05-25 03:05 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-05-25 03:05 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-05-13 14:51 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-05-13 14:51 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-05-13 14:51 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a6dd9dea-70f3-4b24-917a-985a11827efd}"= "C:\Program Files\alahli_sa\tbalah.dll" [2008-07-21 1603608]
[HKEY_CLASSES_ROOT\clsid\{a6dd9dea-70f3-4b24-917a-985a11827efd}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8087-36EE87E26986}]
2008-07-29 22:56 1987544 --a------ C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a6dd9dea-70f3-4b24-917a-985a11827efd}]
2008-07-21 20:31 1603608 --a------ C:\Program Files\alahli_sa\tbalah.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a6dd9dea-70f3-4b24-917a-985a11827efd}"= "C:\Program Files\alahli_sa\tbalah.dll" [2008-07-21 1603608]
"{A057A204-BACC-4D26-8087-36EE87E26986}"= "C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL" [2008-07-29 1987544]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A6DD9DEA-70F3-4B24-917A-985A11827EFD}"= "C:\Program Files\alahli_sa\tbalah.dll" [2008-07-21 1603608]
"{A057A204-BACC-4D26-8087-36EE87E26986}"= "C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL" [2008-07-29 1987544]
[HKEY_CLASSES_ROOT\clsid\{a6dd9dea-70f3-4b24-917a-985a11827efd}]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8087-36ee87e26986}]
[HKEY_CLASSES_ROOT\oovooToolbar.OOVOOTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-22 68856]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 413696]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-05-09 36864]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-02-22 166432]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-02-22 13515296]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-02-22 92704]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2008-02-22 92704]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"Athan"="C:\Program Files\Athan\Athan.exe" [2008-08-18 1089536]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-04-23 1443072]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-12 185896]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-06 405504]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [2008-08-29 11704832]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{492F0418-80AB-499C-8D5E-4366E3100735}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{016241FF-4C06-4D14-96D8-230FB4E7FEDD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BF0B6C40-FEBE-4751-AD44-46DA8D3895B0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{D46779CD-C588-46A5-953D-6589EF878A69}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{500541EC-9830-48FB-8FBE-398CAC71E9CB}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{970CD166-2BAC-492D-8090-66CBAC8E1B7C}C:\\program files\\paltalk messenger\\paltalk.exe"= UDP:C:\program files\paltalk messenger\paltalk.exe:PaltalkScene
"UDP Query User{43DCD848-2164-406E-B347-8F6E2347A8AE}C:\\program files\\paltalk messenger\\paltalk.exe"= TCP:C:\program files\paltalk messenger\paltalk.exe:PaltalkScene
"{07D1FCEE-0FAA-4D27-8208-CC1145874EA0}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{DF623BE6-F572-472F-BB79-550492A72A2D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{7B219719-57B8-41EC-AEEF-9264FDB81F78}C:\\program files\\oovoo\\oovoo.exe"= UDP:C:\program files\oovoo\oovoo.exe:ooVoo
"UDP Query User{F302AD9C-D207-4DB0-A35D-56C93A87A127}C:\\program files\\oovoo\\oovoo.exe"= TCP:C:\program files\oovoo\oovoo.exe:ooVoo
"{D202E22A-B572-4FAE-8D1A-72A2A583D4BF}"= UDP:443:ooVoo TCP port 443
"{D3242F4C-0A09-46B1-9333-C736A86B9A8F}"= TCP:443:ooVoo UDP port 443
"{0D677ACA-71BA-49E8-AFC9-25BF0641EB3F}"= UDP:37674:ooVoo TCP port 37674
"{D36CC8E8-F79C-486A-A0F8-955A9649853E}"= TCP:37674:ooVoo UDP port 37674
"{1AD118DF-EE9F-417C-8F97-24EFE76098D1}"= TCP:37675:ooVoo UDP port 37675
"{403E452C-B2C2-488E-9F4A-1FA0A141E07A}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{56EC608E-01E4-4E63-87C4-9AB68BCF7DF8}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B0AE8E10-F62B-465B-9F38-77117DEF5E69}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{B6D379F4-0CDA-4208-9356-B3256CD8A021}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{80DB33CF-BA0C-4710-8970-E8C0870AE708}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{6FBCCE80-CB3C-4714-858C-A20970BCA797}"= Disabled:UDP:443:ooVoo TCP port 443
"{47CA8EC1-8C3A-4C40-9AEE-CCBA4BDD9C4C}"= Disabled:TCP:443:ooVoo UDP port 443
"{E8E927E7-C4E9-4AD9-A387-53A55DE8AE22}"= Disabled:UDP:37674:ooVoo TCP port 37674
"{08D9EF11-F987-4A5E-AE8D-886B23895F0D}"= Disabled:TCP:37674:ooVoo UDP port 37674
"{6A7C2E7A-744D-4A8A-A162-2D6350EE9DEC}"= Disabled:TCP:37675:ooVoo UDP port 37675
"TCP Query User{18F43336-78A8-49B7-B6A2-53107C270F41}C:\\program files\\oovoo\\oovoo.exe"= UDP:C:\program files\oovoo\oovoo.exe:ooVoo
"UDP Query User{54669C3F-2308-44F0-BE8D-DF6493127649}C:\\program files\\oovoo\\oovoo.exe"= TCP:C:\program files\oovoo\oovoo.exe:ooVoo
R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-10-10 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{198a622e-7461-11dd-ac4c-001dd9e7bc0e}]
\shell\AutoRun\command - F:\PMB_P.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\alyami\AppData\Roaming\Mozilla\Firefox\Profiles\25xv30tw.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1273.1045\npCIDetect12.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-10-02 20:32:02
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-02 20:34:00
ComboFix-quarantined-files.txt 2008-10-02 17:33:36
Pre-Run: 90,271,256,576 bytes free
Post-Run: 90,260,611,072 bytes free
199 --- E O F --- 2008-09-26 03:19:55