First
Disable your security software
Download this tool
When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
During the scan the computer may restart
After the restart, the tool will begin scanning a second time
Wait until a report appears; at that point the scan is finished. Paste the report in your first reply
Second
Download this program
Run the program ==> and click
Do a system scan and save log
After a moment, a report will appear in Notepad ==> copy it and paste it in your second reply
May God reward you with Paradise, brother; I am proud of you, and may He have mercy on your parents and spare them the Fire.
Here is the first report, and my apologies for the delay in replying, owing to work circumstances.
ComboFix 09-05-02.4 - user 05/02/2009 20:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.767.533 [GMT 3:00]
Running from: c:\documents and settings\user\سطح المكتب\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated)
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\kakle.dll
.
((((((((((((((((((((((((( Files Created from 2009-04-02 to 2009-05-02 )))))))))))))))))))))))))))))))
.
2009-05-02 17:57 . 2009-05-02 17:57 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\ESET
2009-04-26 17:33 . 2009-04-26 17:33 -------- d-----w c:\program files\ESET
2009-04-26 17:33 . 2009-04-26 17:33 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-04-26 17:24 . 2009-04-26 17:24 -------- d-----w c:\documents and settings\user\Application Data\CyberScrub
2009-04-26 17:24 . 2009-04-26 17:24 -------- d-----w c:\documents and settings\user\Application Data\cleaner
2009-04-24 18:11 . 2009-04-24 18:11 -------- d-----w c:\documents and settings\user\DoctorWeb
2009-04-24 15:08 . 2009-04-24 15:08 -------- d-----w c:\documents and settings\user\Application Data\Media Player Classic
2009-04-24 13:56 . 2009-04-24 13:56 -------- d-----w c:\program files\CCleaner
2009-04-24 11:43 . 2009-04-24 11:43 -------- d-----w c:\documents and settings\user\Application Data\URSoft
2009-04-24 11:43 . 2009-05-01 04:27 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-24 11:43 . 2009-04-24 11:45 -------- d-----w c:\program files\Your Uninstaller 2008
2009-04-23 10:02 . 2009-04-23 10:02 -------- d-----w c:\windows\Sun
2009-04-23 00:32 . 2009-04-23 00:32 -------- d-----w c:\documents and settings\user\Application Data\COWON
2009-04-22 22:32 . 2009-04-22 22:32 -------- d-s---w c:\documents and settings\user\UserData
2009-04-22 22:16 . 2009-04-22 22:16 -------- d--h--w c:\windows\PIF
2009-04-22 22:10 . 2009-04-22 22:10 -------- d-----w c:\program files\Lavalys
2009-04-22 17:42 . 2009-04-23 06:14 -------- d-----w c:\documents and settings\user\Application Data\Ahead
2009-04-22 16:59 . 2004-08-03 20:08 31616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-04-22 16:59 . 2004-08-03 20:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-04-22 16:58 . 2007-07-16 15:23 24448 ----a-w c:\windows\system32\drivers\ewdcsc.sys
2009-04-22 16:58 . 2007-07-16 15:23 101120 ----a-w c:\windows\system32\drivers\ewusbmdm.sys
2009-04-22 16:58 . 2009-04-22 17:00 -------- d-----w c:\program files\Mobily Connect Card
2009-04-22 16:55 . 2004-08-03 20:08 26496 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-04-22 16:08 . 2009-04-22 16:08 -------- d-----w c:\windows\speech
2009-04-22 16:07 . 2009-04-22 16:08 -------- d-----w c:\program files\Golden Al-Wafi Translator
2009-04-22 16:07 . 2009-04-22 16:07 172032 ------w c:\windows\Setup1.exe
2009-04-22 16:07 . 2009-04-22 16:07 73216 ----a-w c:\windows\ST6UNST.EXE
2009-04-21 21:28 . 2009-04-24 18:09 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 17:57 . 2009-04-21 17:29 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-02 17:53 . 2004-08-04 12:00 40118 ----a-w c:\windows\system32\perfc001.dat
2009-05-02 17:53 . 2004-08-04 12:00 251674 ----a-w c:\windows\system32\perfh001.dat
2009-04-23 11:54 . 2009-04-21 17:42 -------- d-----w c:\program files\Circle Developement
2009-04-23 10:10 . 2009-04-21 17:40 -------- d-----w c:\program files\Java
2009-04-23 06:10 . 2009-04-21 17:24 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-21 18:07 . 2009-04-21 18:05 -------- d-----w c:\program files\Common Files\Ahead
2009-04-21 18:05 . 2009-04-21 18:05 -------- d-----w c:\program files\Nero
2009-04-21 17:46 . 2009-04-21 17:46 -------- d-----w c:\program files\Common Files\xing shared
2009-04-21 17:46 . 2009-04-21 17:45 -------- d-----w c:\program files\Real
2009-04-21 17:46 . 2009-04-21 17:45 -------- d-----w c:\program files\Common Files\Real
2009-04-21 17:45 . 2009-04-21 17:44 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-21 17:45 . 2009-04-21 17:44 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-21 17:45 . 2009-04-21 17:45 -------- d-----w c:\program files\mpegable
2009-04-21 17:45 . 2009-04-21 17:45 47104 ------w c:\windows\AKDeInstall.exe
2009-04-21 17:44 . 2009-04-21 17:44 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-21 17:43 . 2009-04-21 17:43 -------- d-----w c:\program files\Common Files\COWON
2009-04-21 17:43 . 2009-04-21 17:43 -------- d-----w c:\program files\JetAudio
2009-04-21 17:43 . 2009-04-21 17:43 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-21 17:42 . 2009-04-21 17:42 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-21 17:40 . 2009-04-21 17:40 -------- d-----w c:\program files\Windows Live
2009-04-21 17:39 . 2009-04-21 17:39 90112 ----a-w c:\windows\system32\agsaami.dll
2009-04-21 17:39 . 2009-04-21 17:39 610304 ----a-w c:\windows\system32\agsaamg.dll
2009-04-21 17:39 . 2009-04-21 17:39 372736 ----a-w c:\windows\system32\agsaamc.dll
2009-04-21 17:39 . 2009-04-21 17:39 2535424 ----a-w c:\windows\system32\agsaamj.dll
2009-04-21 17:39 . 2009-04-21 17:39 1986560 ----a-w c:\windows\system32\akll.dll
2009-04-21 17:39 . 2009-04-21 17:39 196608 ----a-w c:\windows\system32\maag.dll
2009-04-21 17:39 . 2009-04-21 17:39 1245184 ----a-w c:\windows\system32\bkll.dll
2009-04-21 17:39 . 2009-04-21 17:39 1212416 ----a-w c:\windows\system32\ckll.dll
2009-04-21 17:38 . 2009-04-21 17:38 -------- d-----w c:\program files\Common Files\Adobe
2009-04-21 17:36 . 2009-04-21 17:36 94632 ----a-w c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-21 17:34 . 2009-04-21 17:34 -------- d-----w c:\program files\Microsoft.NET
2009-04-21 17:33 . 2009-04-21 17:33 -------- d-----w c:\program files\Microsoft Works
2009-04-21 17:25 . 2009-04-21 17:25 -------- d-----w c:\program files\microsoft frontpage
2009-04-21 17:25 . 2004-08-04 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-21 17:22 . 2009-04-21 17:22 22144 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-09 12:21 . 2009-04-09 12:21 94360 ----a-w c:\windows\system32\drivers\epfwtdir.sys
2009-04-09 12:18 . 2009-04-09 12:18 107256 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-04-09 12:10 . 2009-04-09 12:10 113960 ----a-w c:\windows\system32\drivers\eamon.sys
2009-03-09 02:19 . 2009-04-21 17:40 410984 ----a-w c:\windows\system32\deploytk.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2006-05-30 577536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Mobily Connect Card\\Mobily Connect Card.exe"=
R4 NeroRegInCDSrv;Nero Registry InCD Service; [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2009-04-09 94360]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-04-09 731840]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e5b38ef-2f5c-11de-9a8c-d3a317b69ca7}]
\Shell\AutoRun\command - F:\AutoRun.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-05-02 20:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-05-02 20:59
ComboFix-quarantined-files.txt 2009-05-02 17:59
Pre-Run: 15,730,888,704 bytes free
Post-Run: 15,784,177,664 bytes free