كيف اعرف ان جهازي مخترق او فيه تجسس

  • بادئ الموضوع بادئ الموضوع صالح115
  • تاريخ البدء تاريخ البدء
  • المشاهدات 1,077
ص

صالح115

زيزوومى فعال
إنضم
1 سبتمبر 2008
المشاركات
256
مستوى التفاعل
1
النقاط
330
الإقامة
السعوديـk.s.Aــة
غير متصل
مساء الخير

انا عندي كاسبر الاصلي

ممكن كيف اعرف اذا جهازي مخترق او فيه تجسس

لان حسابي بموقع انسرق لهالسبب

ياليت تعطوني حل
 

ترتيب حسب التاريخ ترتيب حسب الأصوات
الله يحييك اخوي
حمل هذا البرنامج
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
 
التعديل الأخير بواسطة المشرف:
تأييد 0
تم هذا هو


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:43:28 م, on 04/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AF BHO - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\AnchorFree\bin\AFBho.dll
O3 - Toolbar: AFToolbar - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - C:\Program Files\AnchorFree\bin\AFToolbar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSN.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: 0102141243882544mcinstcleanup - - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 6003 bytes
 
تأييد 0
عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
 
تأييد 0
ComboFix 09-06-03.04 - user 06/04/2009 19:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.2550.2125 [GMT 3:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\user\Application Data\addons.dat
C:\msn.exe
c:\windows\101.exe
.
((((((((((((((((((((((((( Files Created from 2009-05-04 to 2009-06-04 )))))))))))))))))))))))))))))))
.
2009-06-04 16:42 . 2009-06-04 16:42 -------- d-----w- c:\program files\Trend Micro
2009-06-02 23:38 . 2009-06-02 23:38 294912 ----a-w- C:\private.exe
2009-06-02 11:33 . 2009-06-02 11:33 -------- d--h--w- c:\windows\system32\MsN
2009-06-02 00:22 . 2009-06-02 00:22 -------- d-----w- c:\documents and settings\user\Application Data\Vso
2009-06-02 00:22 . 2009-06-02 00:22 81920 ----a-w- c:\documents and settings\user\Application Data\ezpinst.exe
2009-06-02 00:22 . 2009-06-02 00:22 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-06-02 00:22 . 2009-06-02 00:22 47360 ----a-w- c:\documents and settings\user\Application Data\pcouffin.sys
2009-06-02 00:11 . 2009-06-02 00:11 120240 ----a-w- c:\documents and settings\user\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
2009-06-02 00:11 . 2009-06-02 00:12 -------- d-----w- c:\documents and settings\user\Application Data\IDM
2009-06-02 00:11 . 2009-06-02 00:36 -------- d-----w- c:\documents and settings\user\Application Data\DMCache
2009-06-02 00:11 . 2009-06-02 00:37 -------- d-----w- c:\program files\Internet Download Manager
2009-06-02 00:09 . 2009-06-02 00:09 203776 ----a-w- c:\windows\system32\clrviddc.dll
2009-06-02 00:09 . 2009-06-02 00:09 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Real
2009-06-02 00:09 . 2009-06-02 00:09 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-02 00:07 . 2009-06-02 00:07 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-06-02 00:07 . 2009-06-02 00:19 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Google
2009-06-02 00:07 . 2009-06-02 00:28 -------- d-----w- c:\program files\Google
2009-06-02 00:04 . 2009-06-02 00:04 390664 ----a-w- c:\documents and settings\user\Application Data\Real\RealPlayer\setup\AU_setup6.exe
2009-06-01 23:39 . 2009-06-01 23:39 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Identities
2009-05-30 03:03 . 2009-05-30 03:03 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Help
2009-05-30 03:02 . 2009-05-30 03:03 -------- d-----w- c:\program files\GoldWave
2009-05-29 20:42 . 2009-05-29 20:42 -------- d-----w- c:\windows\system32\??
2009-05-29 01:57 . 2009-05-29 01:57 -------- d-----w- c:\program files\AnchorFree
2009-05-27 09:30 . 2009-05-27 09:30 -------- d-----w- c:\documents and settings\user\Application Data\vlc
2009-05-26 19:55 . 2009-05-26 19:55 -------- d-----w- c:\program files\PHP Coder
2009-05-26 19:51 . 2009-05-26 20:05 -------- d-----w- c:\documents and settings\user\Application Data\Ulead Systems
2009-05-26 19:47 . 2009-05-26 19:47 -------- d-----w- c:\program files\Windows Media Components
2009-05-26 19:46 . 2009-05-26 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-05-26 19:44 . 2009-05-26 20:10 -------- d-----w- c:\program files\Corel
2009-05-26 19:43 . 2009-05-26 19:43 -------- d-----w- c:\documents and settings\user\Application Data\InstallShield
2009-05-26 17:32 . 2009-05-26 17:32 -------- d-----w- c:\documents and settings\user\Application Data\COWON
2009-05-25 21:00 . 2009-05-25 21:00 -------- d-----w- c:\documents and settings\user\Application Data\Ipswitch
2009-05-25 21:00 . 2009-05-25 21:00 -------- d-----w- c:\program files\Ipswitch
2009-05-25 20:56 . 2009-05-31 07:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-05-25 20:55 . 2009-05-25 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-05-25 20:55 . 2009-05-25 20:55 -------- d-----w- c:\program files\Common Files\McAfee
2009-05-25 20:55 . 2009-05-25 21:25 -------- d-----w- c:\program files\McAfee
2009-05-25 20:55 . 2009-05-25 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-05-25 20:43 . 2009-05-25 20:43 -------- d-----w- c:\documents and settings\user\Application Data\Media Player Classic
2009-05-25 19:48 . 2004-03-29 12:23 90112 ----a-w- c:\windows\unvise32.exe
2009-05-25 19:48 . 2009-05-25 19:48 -------- d-----w- c:\program files\SWiSHmax
2009-05-25 19:39 . 2009-05-25 19:39 -------- d-----w- c:\windows\Sun
2009-05-25 18:14 . 2009-05-25 18:14 0 ----a-w- c:\windows\nsreg.dat
2009-05-25 18:14 . 2009-05-25 18:14 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Mozilla
2009-05-25 17:40 . 2009-05-25 17:46 -------- d-----w- c:\documents and settings\user\Contacts
2009-05-25 16:49 . 2009-05-25 16:49 -------- d-s---w- c:\documents and settings\user\UserData
2009-05-25 16:31 . 2009-05-25 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-05-25 16:31 . 2009-05-25 16:31 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-05-25 16:31 . 2009-05-25 16:31 206088 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-05-25 16:30 . 2009-05-25 16:30 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-05-25 16:14 . 2009-05-25 16:15 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Adobe
2009-05-25 16:09 . 2009-05-25 16:09 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-05-25 16:03 . 2009-05-25 16:04 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\ACD Systems
2009-05-25 16:03 . 2009-05-25 16:03 -------- d-----w- c:\documents and settings\user\Application Data\ACD Systems
2009-05-25 15:58 . 2004-08-04 12:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-05-25 15:57 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-05-25 15:57 . 2009-05-29 14:15 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-25 15:55 . 2009-05-25 15:56 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-05-25 15:55 . 2009-05-25 15:55 -------- d-----w- c:\windows\system32\LogFiles
2009-05-25 15:50 . 2009-05-25 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-05-25 15:50 . 2009-05-25 15:51 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-05-25 15:50 . 2009-05-25 15:50 -------- d-----w- c:\program files\ACD Systems
2009-05-25 15:49 . 2009-05-25 15:49 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Downloaded Installations
2009-05-25 15:48 . 2009-05-29 01:59 -------- d-----w- c:\program files\Hotspot Shield
2009-05-25 15:45 . 2009-05-25 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-05-25 15:45 . 2004-07-26 13:16 476320 ----a-w- c:\windows\system32\imagXpr7.dll
2009-05-25 15:45 . 2004-07-26 13:16 471040 ----a-w- c:\windows\system32\imagXRA7.dll
2009-05-25 15:45 . 2004-07-26 13:16 262144 ----a-w- c:\windows\system32\imagXR7.dll
2009-05-25 15:45 . 2004-07-26 13:16 1568768 ----a-w- c:\windows\system32\imagX7.dll
2009-05-25 15:45 . 2004-07-09 05:43 364544 ----a-w- c:\windows\system32\TwnLib4.dll
2009-05-25 15:45 . 2009-05-25 15:45 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-25 15:45 . 2003-03-18 17:12 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2009-05-25 15:45 . 2009-05-25 15:45 -------- d-----w- c:\program files\Nero
2009-05-25 15:44 . 2007-09-04 16:56 164352 ----a-w- c:\windows\system32\unrar.dll
2009-05-25 15:43 . 2008-01-10 12:15 755027 ----a-w- c:\windows\system32\xvidcore.dll
2009-05-25 15:43 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-05-25 15:43 . 2008-03-31 21:25 682496 ----a-w- c:\windows\system32\divx.dll
2009-05-25 15:43 . 2008-03-21 20:30 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-05-25 15:43 . 2008-03-21 20:28 81920 ----a-w- c:\windows\system32\dpl100.dll
2009-05-25 15:43 . 2008-01-10 12:16 159839 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-25 15:43 . 2008-03-28 17:41 7680 ----a-w- c:\windows\system32\ff_vfw.dll
2009-05-25 15:43 . 2009-05-25 15:43 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-25 15:42 . 2009-05-25 16:10 -------- d-----w- c:\program files\GRETECH
2009-05-25 15:41 . 2009-05-25 15:42 -------- d-----w- c:\program files\Common Files\COWON
2009-05-25 15:41 . 2009-06-01 09:28 -------- d-----w- c:\program files\JetAudio
2009-05-25 15:38 . 2009-06-02 00:09 -------- d-----w- c:\program files\Common Files\Real
2009-05-25 15:38 . 2009-05-25 15:38 -------- d-----w- c:\program files\Real
2009-05-25 15:36 . 2009-05-25 15:36 47104 ------w- c:\windows\AKDeInstall.exe
2009-05-25 15:36 . 2009-05-25 15:36 -------- d-----w- c:\program files\mpegable
2009-05-25 15:36 . 2009-05-25 15:36 -------- d-----w- c:\program files\VideoLAN
2009-05-25 15:35 . 2009-05-25 15:36 -------- d-----w- c:\program files\Java
2009-05-25 15:35 . 2009-05-25 15:35 -------- d-----w- c:\program files\Common Files\Java
2009-05-25 15:34 . 2009-05-25 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-25 15:34 . 2009-05-25 15:34 -------- d-----w- c:\program files\Windows Live
2009-05-25 15:34 . 2009-05-25 15:34 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-25 15:33 . 2009-05-25 15:34 -------- d-----w- c:\program files\MSN Messenger
2009-05-25 15:24 . 2009-05-25 15:24 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-25 15:23 . 2009-05-25 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-05-25 15:20 . 2009-05-25 15:20 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-05-25 15:20 . 2009-05-25 16:32 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-25 15:19 . 2009-05-25 15:58 172032 ------w- c:\windows\Setup1.exe
2009-05-25 15:19 . 2009-05-25 15:58 73216 ------w- c:\windows\ST6UNST.EXE
2009-05-25 15:06 . 2003-06-18 14:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-05-25 15:05 . 2009-05-25 15:05 -------- d-----w- c:\program files\Common Files\L&H
2009-05-25 15:05 . 2009-05-25 15:05 -------- d-----w- c:\program files\Microsoft.NET
2009-05-25 15:04 . 2009-05-25 15:04 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-05-25 15:03 . 2009-05-25 15:03 -------- d-----w- c:\program files\Microsoft Works
2009-05-25 15:02 . 2009-05-25 15:05 -------- d-----w- c:\windows\SHELLNEW
2009-05-25 14:56 . 2009-05-25 14:56 -------- d-----w- c:\windows\system32\wbem\MUI
2009-05-25 14:47 . 2004-05-23 12:00 57344 ----a-w- c:\windows\system32\WMErrAra.dll
2009-05-25 14:44 . 2005-12-13 14:45 122880 ----a-w- c:\windows\system32\igfxres.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 15:50 . 2009-05-24 14:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-04 13:50 . 2009-05-24 14:38 4772 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-04 13:50 . 2009-05-24 14:38 466976 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-04 13:50 . 2009-05-24 14:38 3239968 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-04 13:50 . 2009-05-24 14:38 28488 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-01 19:54 . 2009-06-01 19:54 -------- d-----w- c:\documents and settings\user\Application Data\CyberScrub
2009-06-01 19:54 . 2009-06-01 19:54 -------- d-----w- c:\documents and settings\user\Application Data\cleaner
2009-05-31 11:31 . 2009-05-29 14:19 -------- d-----w- c:\program files\Kelk 2000
2009-05-29 16:37 . 2009-05-24 14:16 402544 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-29 14:19 . 2009-05-29 14:19 1533952 ----a-w- c:\windows\system32\Klk79.dll
2009-05-29 14:19 . 2009-05-29 14:19 741888 ----a-w- c:\windows\system32\K2KRMT.dll
2009-05-29 14:19 . 2009-05-29 14:19 1159168 ----a-w- c:\windows\system32\KG81.dll
2009-05-29 14:19 . 2009-05-29 14:19 1059840 ----a-w- c:\windows\system32\KG32.dll
2009-05-29 14:19 . 2009-05-29 14:19 818688 ----a-w- c:\windows\system32\K2KLOC.dll
2009-05-29 14:19 . 2009-05-29 14:19 254976 ----a-w- c:\windows\system32\HLVDD.DLL
2009-05-26 19:48 . 2009-05-24 14:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-25 16:31 . 2008-01-29 14:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-05-25 16:31 . 2009-05-24 14:38 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-25 16:31 . 2009-05-24 14:38 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-25 14:54 . 2009-05-24 14:08 166455 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-24 14:38 . 2009-05-24 14:38 -------- d-----w- c:\program files\Kaspersky Lab
2009-05-24 14:36 . 2009-05-24 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-24 14:33 . 2009-05-24 14:18 -------- d-----w- c:\program files\Dell
2009-05-24 14:30 . 2009-05-24 14:30 -------- d-----w- c:\program files\WIDCOMM
2009-05-24 14:28 . 2009-05-24 14:28 -------- d-----w- c:\program files\Broadcom
2009-05-24 14:27 . 2009-05-24 14:27 -------- d-----w- c:\program files\CONEXANT
2009-05-24 14:23 . 2009-05-24 14:23 -------- d-----w- c:\program files\Synaptics
2009-05-24 14:23 . 2009-05-24 14:18 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-24 14:22 . 2009-05-24 14:22 -------- d-----w- c:\program files\DIFX
2009-05-24 14:20 . 2009-05-24 14:20 -------- d-----w- c:\program files\Intel
2009-05-24 14:19 . 2009-05-24 14:19 -------- d-----w- c:\program files\SigmaTel
2009-05-24 14:09 . 2009-05-24 14:09 -------- d-----w- c:\program files\microsoft frontpage
2009-05-24 14:05 . 2009-05-24 14:05 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.
------- Sigcheck -------
[-] 2007-09-07 00:24 1580544 6E266AAF4168B3569A330C61AB01F6B4 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-01_19.40.05 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 12:00 . 2009-06-01 19:09 40326 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-06-04 16:11 40326 c:\windows\system32\perfc009.dat
+ 2009-06-02 11:33 . 2009-06-02 11:33 42365 c:\windows\system32\MsN\msnmsgr.exe
- 2009-05-25 15:38 . 2009-05-25 15:38 5632 c:\windows\system32\pndx5032.dll
+ 2009-05-25 15:38 . 2009-06-02 00:08 5632 c:\windows\system32\pndx5032.dll
+ 2009-05-25 15:38 . 2009-06-02 00:08 6656 c:\windows\system32\pndx5016.dll
- 2009-05-25 15:38 . 2009-05-25 15:38 6656 c:\windows\system32\pndx5016.dll
+ 2009-05-25 15:38 . 2009-06-02 00:08 185920 c:\windows\system32\rmoc3260.dll
+ 2009-05-25 15:38 . 2009-06-02 00:08 278528 c:\windows\system32\pncrt.dll
- 2009-05-25 15:38 . 2009-05-25 15:38 278528 c:\windows\system32\pncrt.dll
- 2004-08-04 12:00 . 2009-06-01 19:09 311938 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2009-06-04 16:11 311938 c:\windows\system32\perfh009.dat
+ 2009-06-02 11:33 . 2009-06-04 16:53 117386 c:\windows\system32\MsN\logg.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-05-25 206088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-02 198160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\user\Start Menu\Programs\Startup\
MSN.exe [2009-6-2 42365]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 م 33808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 م 24592]
S2 0102141243882544mcinstcleanup;0102141243882544mcinstcleanup; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{474E2CC9-32D4-1DC8-6CB8-368E9F8E63F0}]
c:\windows\system32\MsN\msnmsgr.exe s
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-IDMan - c:\program files\Internet Download Manager\IDMan.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.adobeme.com/products/ME/photoshop/main.html
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\vwmgfbxm.default\
FF - component: c:\documents and settings\user\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-06-04 19:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1244)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-06-04 19:57
ComboFix-quarantined-files.txt 2009-06-04 16:57
ComboFix2.txt 2009-06-01 19:42
Pre-Run: 15,608,999,936 bytes free
Post-Run: 17,169,948,672 bytes free
253
 
تأييد 0
تأييد 0
ولا تنسى حفظ التقرير ووضعه بمشاركتك القادمة
 
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى