أخي الغالي الطيب العزيز
أشكرك إلف مرة على صبرك عليا
عملت البرنامج على كل الاجهزة
و جهاز وحيد الي طلع التقرير و هو كالتالي
ComboFix 08-10-03.04 - ???? ??13 10/04/2008 5:10:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.326 [GMT 3:00]
Running from: D:\Hiss80\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Fonts\wintpo80.fon
.
((((((((((((((((((((((((( Files Created from 2008-09-04 to 2008-10-04 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 05:52 7,372,189 ----a-w C:\Persi0.sys
2008-09-24 05:52 --------- d-----w C:\Program Files\HyperTechnologies
2008-09-24 05:34 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-09-24 05:21 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-09-24 05:21 172,032 ------w C:\WINDOWS\Setup1.exe
2008-09-24 05:20 --------- d-----w C:\Program Files\Ringz Studio
2008-09-24 05:19 --------- d-----w C:\Program Files\Real
2008-09-24 05:19 --------- d-----w C:\Program Files\Common Files\xing shared
2008-09-24 05:19 --------- d-----w C:\Program Files\Common Files\Real
2008-09-24 05:18 --------- d-----w C:\Program Files\Skype
2008-09-24 05:18 --------- d-----w C:\Program Files\Google
2008-09-24 05:18 --------- d-----w C:\Program Files\Common Files\Skype
2008-09-24 05:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-09-24 05:14 --------- d-----w C:\Program Files\MSN Messenger
2008-09-24 05:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-09-24 05:10 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-24 05:09 155,995 ----a-w C:\WINDOWS\java\Packages\1B5BJZV9.ZIP
2008-09-24 05:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-24 05:09 --------- d-----w C:\Program Files\Yahoo!
2008-09-24 05:08 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-24 05:03 --------- d-----w C:\Program Files\Paltalk Messenger
2008-09-24 04:32 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-17 18:08 188,416 ----a-r C:\WINDOWS\hss8.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
08/26/2002 01:17 PM 49152 C:\WINDOWS\system32\LogonDll.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.vp31"= vp31vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalTalk.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 08/04/2004 12:56 AM 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HISS_CLT]
-ra------ 09/17/2008 09:08 PM 188416 C:\WINDOWS\hss8.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 09/30/2004 03:37 PM 126976 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSS]
-ra------ 09/17/2008 09:08 PM 188416 C:\WINDOWS\hss8.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 09/30/2004 03:41 PM 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 01/19/2007 12:55 PM 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 12/11/2006 08:41 PM 25343016 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
--a------ 02/07/2005 05:04 AM 94037 C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 09/24/2008 08:18 AM 155896 C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\systray ]
-ra------ 09/17/2008 09:08 PM 188416 C:\WINDOWS\hss8.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 09/24/2008 08:19 AM 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 06/07/2007 02:08 PM 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\hss8.exe"=
R0 DepFrzHi;DepFrzHi;C:\WINDOWS\system32\drivers\DepFrzHi.sys [08/26/2002 01:16 PM 12288]
R0 DepFrzLo;DepFrzLo;C:\WINDOWS\system32\drivers\DepFrzLo.sys [08/26/2002 01:15 PM 52709]
R2 DFServEx;DFServEx;C:\Program Files\HyperTechnologies\Deep Freeze\DfServEx.exe [08/26/2002 01:15 PM 288256]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKLM-Main,Window Title = Howbani Internet Clubs System
O17 -: HKLM\CCS\Interface\{8A0B38A8-31EF-4A1E-8F77-B8CAF7D4C7A6}: NameServer = 192.168.1.254
O16 -: Microsoft XML Parser for Java -
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-10-04 05:11:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\LogonDll.dll
.
Completion time: 10/04/2008 5:12:21
ComboFix-quarantined-files.txt 2008-10-04 02:12:06
Pre-Run: 17,616,859,136 bytes free
Post-Run: 17,776,824,320 bytes free
140
إلف شكر مقدما
