I did what you mentioned, sister, and here is the report:
ComboFix 08-11-16.05 - aa 11/17/2008 23:03:06.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.655 [GMT 2:00]
Running from: c:\documents and settings\aa\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ISODRIVE
-------\Service_ISODrive
((((((((((((((((((((((((( Files Created from 2008-10-17 to 2008-11-17 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-17 19:20 --------- d-----w c:\program files\Norton AntiVirus
2008-11-17 19:02 --------- d-----w c:\program files\Symantec
2008-11-17 19:02 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-17 19:02 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-17 19:01 --------- d-----w c:\documents and settings\aa\Application Data\Symantec
2008-11-17 08:45 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-17 08:44 --------- d-----w c:\program files\Microsoft.NET
2008-11-17 08:42 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-17 08:40 --------- d-----w c:\program files\Yahoo!
2008-11-17 08:27 --------- d-----w c:\program files\IEPro
2008-11-17 08:27 --------- d-----w c:\documents and settings\aa\Application Data\IEPro
2008-11-17 08:17 --------- d-----w c:\documents and settings\aa\Application Data\TuneUp Software
2008-11-17 08:16 --------- d-----w c:\program files\Common Files\Adobe
2008-11-17 08:10 --------- d-----w c:\program files\WinASO
2008-11-17 08:07 --------- d-----w c:\program files\Marvell
2008-11-17 08:06 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-17 08:05 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-17 08:05 --------- d-----w c:\program files\Realtek Sound Manager
2008-11-17 08:05 --------- d-----w c:\program files\AvRack
2008-11-17 08:03 --------- d-----w c:\program files\UltraISO
2008-11-17 08:03 --------- d-----w c:\program files\Common Files\EZB Systems
2008-11-16 21:32 --------- d-----w c:\documents and settings\aa\Application Data\ViStart
2008-11-16 21:26 --------- d-----w c:\program files\A.S Pack
2008-11-16 21:25 --------- d-----w c:\program files\LClock
2008-11-16 21:23 --------- d-----w c:\program files\MSBuild
2008-11-16 21:17 --------- d-----w c:\program files\Reference Assemblies
2008-11-16 21:09 --------- d-----w c:\program files\Windows Media Connect 2
.
------- Sigcheck -------
09/12/2007 10:40 PM 2320640 77b30c52aa8710d0267a6306201371b1 c:\windows\system32\ntoskrnl.exe
07/16/2007 11:02 PM 1519616 5080b1a6fc0b6bb27b2169b35dcd43e6 c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [08/04/2004 10:00 AM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ViStart"="c:\program files\A.S Pack\Vista Start Menu\ViStart" [X]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 10:00 AM 15360]
"LClock"="c:\program files\LClock\LClock.exe" [09/19/2004 08:27 PM 65536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [11/07/2006 03:26 AM 123904 c:\windows\system32\advpack.dll]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
c:\program files\A.S Pack\Vista Start Menu\ViStart [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 08/04/2004 10:00 AM 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
--a------ 09/19/2004 08:27 PM 65536 c:\program files\LClock\LClock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
--a------ 08/16/2001 05:52 PM 74832 c:\progra~1\NORTON~1\Navapw32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 08/21/2007 10:27 AM 495616 c:\program files\A.S Pack\Rocket Dock\RocketDock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topdisk]
--a------ 03/16/2007 11:51 AM 1619067 c:\program files\A.S Pack\Top Desk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vistadrv]
--a------ 07/30/2006 03:37 AM 121089 c:\program files\A.S Pack\VDSB\vsdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTT]
--a------ 07/31/2006 01:33 PM 36864 c:\program files\A.S Pack\VTT\Visual TaskTips.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 10/27/2007 07:51 AM 3810544 c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 07/10/2008 12:29 AM 77824 c:\windows\SOUNDMAN.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
*Newly Created Service* - HELPSVC
.
Contents of the 'Scheduled Tasks' folder
2008-11-17 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NAVW32.exe [08/16/2001 06:15 PM]
2008-11-17 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [07/26/2001 12:23 PM]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\aa\Application Data\Mozilla\Firefox\Profiles\zw9e5n52.default\
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-11-17 23:09:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 11/17/2008 23:12:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-17 21:12:07
Pre-Run: 2,315,390,976 bytes free
Post-Run: 2,308,567,040 bytes free