وعليكم السلام
الله يرحم والديك عن النار
أنا صورت لك المشكلة، وطلع فيها اسم هذا الملف iexplore .exe
وسويت تقرير وطلع:
ComboFix 08-02.03.1 - Administrator 02/04/2008 12:39:37.1 - NTFSx86
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\VZKYQ9EF\iforex.com
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\VZKYQ9EF\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\drivers\ETNADiag.exe
----- BITS: Possible infected sites -----
hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 18:44 2,043,392 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-01-30 15:26 --------- d-----w C:\Program Files\Real
2008-01-30 15:26 --------- d-----w C:\Program Files\Common Files\xing shared
2008-01-30 15:25 --------- d-----w C:\Program Files\Common Files\Real
2008-01-30 14:43 301,568 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-01-25 11:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-25 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-24 20:20 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-24 20:20 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-24 19:53 --------- d-----w C:\Program Files\ESET
2008-01-24 19:52 174,592 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-01-24 19:50 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ESET
2008-01-24 19:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-01-23 19:17 2,120,704 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-01-23 19:17 1,747,968 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-01-21 12:27 --------- d-----w C:\Program Files\قاموس صخر الجديد
2008-01-21 12:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-01-20 18:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\live 64 math does
2008-01-20 18:05 1,565,696 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-01-20 17:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Manager each warn
2008-01-18 11:04 --------- d-----w C:\Program Files\iVocalize Web Conference 4
2008-01-18 00:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-17 10:10 --------- d-----w C:\Program Files\Microsoft Works
2008-01-17 10:09 --------- d-----w C:\Program Files\MSBuild
2008-01-14 16:51 --------- d-----w C:\Program Files\Zone Labs
2008-01-09 21:00 --------- d-----w C:\Program Files\32BITEMB
2008-01-08 21:04 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2007-12-28 17:42 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-28 17:42 --------- d-----w C:\Program Files\Circle Developement
2007-12-28 15:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-22 00:09 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-12-22 00:09 172,032 ------w C:\WINDOWS\Setup1.exe
2007-12-21 05:21 71,176 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2007-12-21 05:21 53,768 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2007-12-21 05:21 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2007-12-21 05:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 05:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2007-12-06 13:06 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead
2007-12-06 13:05 --------- d-----w C:\Program Files\Ahead
2007-12-06 13:04 --------- d-----w C:\Program Files\Common Files\Ahead
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:00 PM 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 07:24 PM 1694208]
"datemags"="C:\DOCUME~1\ADMINI~1\APPLIC~1\MANAGE~1\Show creative.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 01:00 PM 110592 C:\WINDOWS\system32\bthprops.cpl]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 11:48 PM 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [12/19/2005 08:08 PM 1347584]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [12/28/2005 10:55 PM 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [12/28/2005 10:56 PM 602182]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [04/07/2006 01:58 AM 1032192]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/14/2005 04:44 AM 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/14/2005 04:41 AM 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/14/2005 04:45 AM 118784]
"SigmatelSysTrayApp"="stsystra.exe" [03/25/2006 04:30 AM 282624 C:\WINDOWS\stsystra.exe]
"MATH DOES FIRST MODE"="C:\Documents and Settings\All Users\Application Data\live 64 math does\Delete Curb.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM 31016]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [08/23/2006 11:38 PM 968696]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [12/21/2007 08:21 AM 1443072]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/30/2008 06:25 PM 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 01:00 PM 15360]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
.
Contents of the 'Scheduled Tasks' folder
"2008-02-04 09:00:00 C:\WINDOWS\Tasks\A808A37C91DF2148.job"
- c:\docume~1\admini~1\applic~1\manage~1\View Aim Mfcd.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-02-04 12:43:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 02/04/2008 12:43:54
ComboFix-quarantined-files.txt 2008-02-04 09:43:45
.
2008-01-24 20:39:35 --- E O F ---
انتظر ردك
عاجل