أبو رشا
Brother, anything that won't delete, we'll make it delete whether it likes it or not :d::d:
Download this tool: [hidden link]
Right-click the file you want to delete
Then choose as shown in the picture:
After that, instead of NO action choose delete, then click Unlock all, and it will be deleted, God willing.
Download this tool, which removes the autorun
[hidden link]
Try it and see
Dear brother الجنتل: I used the tool, the machine restarted automatically, and the report was produced.
But my question is: I ran the tool while the hard disk and the flash drive were connected to the machine, and they contain cracks
that are keys for some programs, so were they deleted or disabled?
The other thing: the tool's window is still open and it says "please wait" even though the report has been produced, so should I close it?
Here is the report
ComboFix 08-07-11.1 - B 07/14/2008 9:55:22.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.1618 [GMT 3:00]
Running from: I:\تحميلاتي من خط دي اس ال\حماية وصيانة\أدوات فحص الجهاز واصدار التقارير ، أداة الهايجاك وأداة التظيف\أداة ComboFix\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\oeminfo.ini
.
((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 06:56 93,216 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-14 06:56 40,992 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-14 06:56 3,904 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-14 06:56 3,316 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-14 06:46 --------- d-----w C:\Program Files\Unlocker
2008-07-14 06:46 --------- d-----w C:\Documents and Settings\B\Application Data\Desktopicon
2008-07-14 03:22 --------- d-----w C:\Documents and Settings\B\Application Data\Zyzoom_Autorun_Viruses_cleaner
2008-07-12 05:28 --------- d-----w C:\Program Files\RightClickGoogleSearchOpenSelectedURL
2008-07-12 05:05 --------- d-----w C:\Program Files\Kristanix
2008-07-12 00:31 --------- d-----w C:\Program Files\TextAloud
2008-07-11 02:37 --------- d-----w C:\Program Files\شئون الموظفين
2008-07-09 22:22 --------- d-----w C:\Program Files\Virtual Earth 3D
2008-07-09 17:30 --------- d-----w C:\Program Files\UltraISO
2008-07-09 17:30 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-07-09 16:25 --------- d-----w C:\Program Files\Dream Aquarium
2008-07-09 16:15 --------- d-----w C:\Program Files\CubeDesktop
2008-07-09 16:15 --------- d-----w C:\Documents and Settings\B\Application Data\Thinking Minds Budiling Bytes
2008-07-09 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-09 15:08 --------- d-----w C:\Program Files\قاموس صخر الجديد
2008-07-04 04:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pictomio
2008-07-04 04:15 --------- d-----w C:\Program Files\Pictomio
2008-07-04 00:39 --------- d-----w C:\Program Files\Common Files\ParetoLogic
2008-07-04 00:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
2008-07-02 22:56 --------- d-----w C:\Program Files\Piky
2008-07-02 22:56 --------- d-----w C:\Program Files\Cryptomathic
2008-07-01 23:15 --------- d-----w C:\Documents and Settings\B\Application Data\zweitgeist
2008-06-30 00:45 --------- d-----w C:\Program Files\التربية والتعليم
2008-06-29 21:32 186,368 ----a-w C:\WINDOWS\التربية والتعليم.scr
2008-06-28 06:22 --------- d-----w C:\Program Files\Project1
2008-06-28 00:40 --------- d-----w C:\Program Files\MSECache
2008-06-27 15:26 --------- d-----w C:\Program Files\Abdio
2008-06-27 11:00 --------- d-----w C:\Program Files\3ndna
2008-06-27 01:58 --------- d-----w C:\Program Files\VistaDrives
2008-06-26 23:39 --------- d-----w C:\Program Files\SuadiSMS
2008-06-24 23:11 --------- d-----w C:\Documents and Settings\B\Application Data\pdfMachine
2008-06-24 21:35 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-06-24 21:35 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-06-24 20:48 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-24 20:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-24 18:35 --------- d-----w C:\Program Files\IE Image Extensions
2008-06-23 03:53 --------- d-----w C:\Program Files\Opera
2008-06-18 19:44 2,528 ----a-w C:\WINDOWS\system32\tmp.reg
2008-06-18 11:06 --------- d-----w C:\Documents and Settings\B\Application Data\Windows Search
2008-06-18 11:05 --------- d-----w C:\Program Files\Windows Desktop Search
2008-06-11 13:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-01 09:36 155,995 ----a-w C:\WINDOWS\java\Packages\6QSRXNPV.ZIP
2008-05-31 00:20 --------- d-----w C:\Program Files\TeamViewer3
2008-05-30 23:40 --------- d-----w C:\Documents and Settings\B\Application Data\TeamViewer
2008-05-30 23:10 --------- d-----w C:\Program Files\Popup Blocker
2008-05-29 18:44 1,024 ----a-w C:\Documents and Settings\All Users\Application Data\1doc2pdf.dll
2008-05-29 18:39 --------- d-----w C:\Program Files\psconvert
2008-05-26 00:41 5,632 ----a-w C:\WINDOWS\system32\cocpyinf.dll
2008-05-25 23:31 --------- d-----w C:\Documents and Settings\B\Application Data\MiniDm
2008-05-25 20:51 --------- d-----w C:\Program Files\IEPro
2008-05-25 20:51 --------- d-----w C:\Documents and Settings\B\Application Data\IEPro
2008-05-25 10:43 --------- d-----w C:\Program Files\Cracklock
2008-05-23 00:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\{CD64E9C4-4D54-4640-A70E-5452AC9F3290}
2008-05-16 19:49 --------- d-----w C:\Program Files\Samy Soft
2008-05-16 19:18 --------- d-----w C:\Program Files\GVR
2008-05-16 00:37 --------- d-----w C:\Program Files\Mobily.ws
2008-04-25 15:22 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
2008-04-25 07:00 4,608 ----a-w C:\WINDOWS\system32\bbchlp.dll
2008-04-25 07:00 27,776 ----a-w C:\WINDOWS\system32\bbcap.dll
2008-01-09 15:07 440,842 ----a-w C:\Program Files\Common Files\wafi_msg.bmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [01/26/2008 06:57 AM 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [08/16/2007 04:19 PM 5728112]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [03/25/2008 05:06 PM 932864]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [01/26/2008 06:57 AM 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10/19/2007 08:16 PM 286720]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/28/2007 07:43 PM 8466432]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [06/28/2007 07:43 PM 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/25/2008 07:14 PM 185896]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [08/27/2004 11:01 AM 1450096]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [10/31/2003 07:42 PM 32768]
"bgsmsnd.exe"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\bgsmsnd.exe" [04/26/2005 11:58 AM 106496]
"Vistadrv"="C:\Program Files\VistaDrives\vsdrv.exe" [07/30/2006 03:37 AM 121089]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [05/02/2008 07:15 AM 15872]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [04/25/2008 06:21 PM 201992]
"nwiz"="nwiz.exe" [06/28/2007 07:43 PM 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [09/19/2007 01:14 PM 16844800 C:\WINDOWS\RTHDCPL.exe]
"tm"="TmRegK.exe" [01/02/2008 09:17 PM 481994 C:\WINDOWS\TmRegK.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [01/26/2008 06:57 AM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="C:\WINDOWS\Installer\TSClientMsiTrans\tscuinst.vbs" [10/30/2007 03:36 PM 13801]
"TSClientAXDisabler"="C:\WINDOWS\Installer\TSClientMsiTrans\tscdsbl.bat" [01/18/2008 08:43 PM 2247]
C:\Documents and Settings\B\Start Menu\Programs\Startup\
Ela-Salaty.lnk - C:\Program Files\Ela-Salaty\Salaty.exe [2006-07-22 03:57:20 4739584]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2007-05-01 11:11:48 6395464]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-03-25 19:19:44 389120]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-25 19:52:33 113664]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"= 0 (0x0)
"NoDispScrSavPage"= 0 (0x0)
"NoDispSettingsPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.ACDV"= ACDV.dll
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM]
R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [04/25/2008 10:00 AM]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-USBFireWall - C:\Program Files\Net Studio\USB_FW.exe
HKCU-Run-CubeDesktop - (no file)
HKLM-Run-Device Detector - DevDetect.exe
HKLM-Run-SystemInit - (no file)
HKLM-Run-Karen - (no file)
HKLM-Run-raVe - (no file)
HKLM-Run-Win32BaseServiceMOD - (no file)
HKLM-Run-startIE - (no file)
HKLM-Run-SystemBackup - (no file)
HKLM-RunServices-raVe - (no file)
HKLM-RunServices-Driver32 - (no file)
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2008-07-14 09:58:33
Windows 5.1.2600 Service Pack 3, v.3300 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\AHEAD\INCD\INCDSRV.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\ACD SYSTEMS\EN\DEVDETECT.EXE
C:\PROGRAM FILES\TECHSMITH\SNAGIT 8\TSCHELP.EXE
C:\PROGRAM FILES\TECHSMITH\SNAGIT 8\SNAGPRIV.EXE
C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IEMONITOR.EXE
.
**************************************************************************
.
Completion time: 07/14/2008 9:59:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-14 06:59:52
Pre-Run: 12,212,420,608 bytes free
Post-Run: 12,321,964,032 bytes free
194 --- E O F --- 2008-07-10 16:45:30
The tool refuses to close?!
Note: I have this tool on the external hard disk and it was run from there. Do I need to move it to drive C for it to run, or not?
It refused to close even from Task Manager
OK, is the report clean?
About two weeks ago the top tabs in Task Manager disappeared and it now looks like this