Posted by شبنان (active member)
ComboFix 08-12-02.02 - 77 12/04/2008 12:58:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.157 [GMT 3:00]
Running from: c:\documents and settings\77\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\setup.exe
.
((((((((((((((((((((((((( Files Created from 2008-11-04 to 2008-12-04 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 10:06 --------- d-----w c:\documents and settings\77\Application Data\Skype
2008-12-04 10:06 --------- d-----w c:\documents and settings\77\Application Data\DMCache
2008-12-04 10:05 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-04 10:01 303,136 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-12-04 10:01 2,116 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-12-04 10:01 10,600 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-04 10:01 1,218,592 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-28 10:36 47,104 ------w c:\windows\AKDeInstall.exe
2008-11-28 10:36 --------- d-----w c:\program files\mpegable
2008-11-27 10:26 --------- d-----w c:\program files\Skype
2008-11-27 10:24 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-27 09:48 --------- d-----w c:\documents and settings\77\Application Data\skypePM
2008-11-25 21:06 --------- d-----w c:\program files\Paltalk Messenger
2008-11-24 19:07 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-11-23 19:32 --------- d-----w c:\program files\Windows Live
2008-11-23 19:32 --------- d-----w c:\program files\MSN Messenger
2008-11-23 19:32 --------- d-----w c:\program files\Messenger Plus! Live
2008-11-08 20:58 --------- d-----w c:\program files\Internet Download Manager
2008-11-08 20:36 --------- d-----w c:\documents and settings\77\Application Data\Paltalk
2008-11-04 18:05 --------- d-----w c:\documents and settings\77\Application Data\IDM
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 09:51 155,995 ----a-w c:\windows\java\Packages\WXFXJPF1.ZIP
2008-10-16 11:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 11:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 11:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 11:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 11:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 11:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 11:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 11:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 11:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 11:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-09-30 09:25 502,480 ----a-w C:\Setup.zip
2008-09-30 09:24 12,581,096 ----a-w C:\Sjetup.zip
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 02:55 599 ----a-w C:\وندززز.zip
2008-09-12 10:44 206,256 ----a-w c:\windows\system32\idmmbc.dll
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/14/2008 03:12 AM 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [09/12/2008 01:44 PM 2606512]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [07/21/2006 01:06 PM 20036648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\azzam.exe" [04/04/2008 03:22 PM 6731312]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [08/16/2008 03:24 AM 185896]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [07/29/2008 08:20 PM 206088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 03:12 AM 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2007-12-11 10260480]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
08/03/2006 01:20 PM 188482 c:\windows\system32\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.speex32"= speex32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Paltalk Messenger\\Paltalk.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\77\Application Data\Mozilla\Firefox\Profiles\n0u93x7x.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-12-04 13:04:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(956)
c:\windows\system32\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZCfgSvc.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 12/04/2008 13:08:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-04 10:08:07
Pre-Run: 111,865,077,760 bytes free
Post-Run: 111,875,092,480 bytes free
127 --- E O F --- 2008-10-24 10:08:52
