استخدم الاداة التاليه
اداة ComboFix
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى
ثم الصق التقرير بردك القادم
:er:
وهاذا هو التقرير
ComboFix 08-09-26.01 - DANNY 09/27/2008 15:36:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.78 [GMT 2:00]
Running from: E:\للريجيستري\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\temp.temp
C:\WINDOWS\system32\sexit.dat
.
((((((((((((((((((((((((( Files Created from 2008-08-27 to 2008-09-27 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 13:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-27 13:38 327,712 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-27 13:38 2,200 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-27 13:38 11,888 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-27 13:38 1,383,456 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-27 13:26 --------- d-----w C:\Program Files\Kerish Doctor 2008
2008-09-25 15:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-25 15:42 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-23 15:15 --------- d-----w C:\Program Files\SACC - TDL
2008-09-23 15:14 --------- d-----w C:\Documents and Settings\DANNY\Application Data\InstallShield
2008-09-17 18:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-16 19:21 --------- d-----w C:\Program Files\FlashGet
2008-09-07 17:52 --------- d-----w C:\Documents and Settings\DANNY\Application Data\RegistryBot
2008-09-03 09:52 --------- d-----w C:\Documents and Settings\DANNY\Application Data\Nokia
2008-08-23 18:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-23 18:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-08-12 15:25 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-09 20:50 --------- d-----w C:\Program Files\Kristanix
2008-08-06 16:18 --------- d-----w C:\Program Files\Folder Lock
2008-08-04 17:24 --------- d-----w C:\Program Files\ReflexiveArcade
2008-07-30 16:12 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-06-30 17:47 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-06-30 17:47 172,032 ------w C:\WINDOWS\Setup1.exe
.
------- Sigcheck -------
08/04/2004 09:56 AM 1134080 0657a5b234a9abb3f0b63e2f422220b5 C:\WINDOWS\system32\WININET.DLL
08/04/2004 09:56 AM 1134080 0657a5b234a9abb3f0b63e2f422220b5 C:\WINDOWS\system32\dllcache\wininet.dll
08/04/2004 08:14 AM 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
08/04/2004 08:14 AM 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
08/04/2004 09:56 AM 2710528 8a5cd5a66652ef0c3a1da80e1bbd13aa C:\WINDOWS\explorer.exe
08/04/2004 09:56 AM 2710528 8a5cd5a66652ef0c3a1da80e1bbd13aa C:\WINDOWS\system32\dllcache\explorer.exe
08/04/2004 09:56 AM 247808 90f22357bde642442720a09bbcf8031e C:\WINDOWS\system32\wuauclt.exe
08/04/2004 09:56 AM 247808 90f22357bde642442720a09bbcf8031e C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 09:56 AM 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 12:54 PM 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 09:11 AM 8523776]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [08/22/2004 05:05 PM 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/15/2008 07:39 PM 185896]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [04/25/2008 06:21 PM 201992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [11/09/2006 05:15 PM 1634304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS.exe]
"Debugger"=dummy.dat
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS20.exe]
"Debugger"=dummy.dat
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^DANNY^Start Menu^Programs^Startup^Y'z Toolbar.lnk]
backup=C:\WINDOWS\pss\Y'z Toolbar.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DesktopIconToy
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\npsliqr
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 08/04/2004 09:56 AM 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
--a------ 10/27/2006 02:06 PM 863744 C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 07/25/2007 12:22 PM 1998896 C:\Program Files\FlashGet\flashget.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 08/04/2004 01:06 AM 1667584 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 01/19/2007 12:54 PM 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 12/05/2007 09:11 AM 81920 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 11/08/2006 01:27 PM 222208 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 02/08/2008 09:20 PM 155648 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--------- 04/15/2008 07:39 PM 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 03/27/2007 03:22 PM 4670968 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 12/05/2007 09:11 AM 1626112 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Mayosoft Games\\FIFA 2007 New\\fifa07.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM 32784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [03/25/2008 08:07 PM 24592]
.
s of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-Cmaudio - cmicnfg.cpl
MSConfigStartUp-Device Detector - DevDetect.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
O8 -: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 -: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
.
------- File Associations -------
.
txtfile=C:\WINDOWS\notepad.exe %1
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-09-27 15:41:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\C:\DOCUME~1\DANNY\LOCALS~1\Temp\catchme.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\C:\DOCUME~1\DANNY\LOCALS~1\Temp\catchme.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 09/27/2008 15:42:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-27 13:42:35
Pre-Run: 4,067,201,024 bytes free
Post-Run: 4,094,488,576 bytes free
168
k:
