زمن النسيان
زيزوومى متألق
غير متصل
جهازي تم اختراقه ابي حل بسررررررعه
للعلم انا مركب الديب فريز فقط كحماية
للعلم انا مركب الديب فريز فقط كحماية
- بادئ الموضوع زمن النسيان
- تاريخ البدء
- 954
زمن النسيان
زيزوومى متألق
غير متصل
الهايجاك
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:40:19 ص, on 30/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDD2A00A-8760-4B30-B461-B2F4F83F9F6E}: NameServer = 93.182.182.85 93.182.182.85
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 5084 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:40:19 ص, on 30/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDD2A00A-8760-4B30-B461-B2F4F83F9F6E}: NameServer = 93.182.182.85 93.182.182.85
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 5084 bytes
تأييد
0
زمن النسيان
زيزوومى متألق
غير متصل
اخوي انا عامل حماية للسي فقط
اخاف ملف الاختراق قبل انزل الديب فريز يعني مااستفدت شي
في طريقه افحص فيها واتأكد ؟اذا برامج حماية ايش اقواهم ؟
<<<يتنافض خخخخخخخ
اخاف ملف الاختراق قبل انزل الديب فريز يعني مااستفدت شي
في طريقه افحص فيها واتأكد ؟اذا برامج حماية ايش اقواهم ؟
<<<يتنافض خخخخخخخ
تأييد
0
صمت السكوت
زيزوومى محترف
- إنضم
- 3 أبريل 2008
- المشاركات
- 5,058
- مستوى التفاعل
- 53
- النقاط
- 830
غير متصل
عطل برامج الحمايه
حمل هذه الاداة ComboFix واحفظها على سطح المكتب
او
او
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
حمل هذه الاداة ComboFix واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
او
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
او
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
توقيع : صمت السكوت
تأييد
0
زمن النسيان
زيزوومى متألق
غير متصل
هذا التقرير اخوي
ComboFix 09-07-29.03 - Administrator 07/30/2009 2:04.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.1014.677 [GMT 3:00]
Running from: d:\فحص الجهاز\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\ed185.msp
c:\windows\Installer\ed186.msp
c:\windows\Installer\ed187.msp
c:\windows\Installer\ed188.msp
c:\windows\Installer\ed189.msp
c:\windows\Installer\ed18a.msp
c:\windows\Installer\ed18b.msp
c:\windows\Installer\ed18c.msp
c:\windows\Installer\ed18d.msp
c:\windows\linkinfo.dll
c:\windows\system32\drivers\cdralw.sys
c:\windows\system32\wmdrtc32.dl_
c:\windows\system32\wmdrtc32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3360PR
-------\Legacy_CDRALW
-------\Service_asc3360pr
-------\Service_cdralw
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-29 )))))))))))))))))))))))))))))))
.
2009-07-21 13:17 . 2009-07-21 13:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\IDM
2009-07-21 13:15 . 2009-07-21 13:15 -------- d-----w- c:\program files\TechSmith
2009-07-21 13:12 . 2009-07-21 13:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-21 12:40 . 2004-08-03 20:07 6400 -c--a-w- c:\windows\system32\dllcache\splitter.sys
2009-07-21 12:40 . 2004-08-03 20:07 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-07-21 12:40 . 2004-08-03 20:15 82944 -c--a-w- c:\windows\system32\dllcache\wdmaud.sys
2009-07-21 12:40 . 2004-08-03 20:15 82944 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2009-07-21 12:40 . 2004-08-03 20:07 52864 -c--a-w- c:\windows\system32\dllcache\dmusic.sys
2009-07-21 12:40 . 2004-08-03 20:07 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2009-07-21 12:40 . 2001-08-17 11:00 54272 -c--a-w- c:\windows\system32\dllcache\swmidi.sys
2009-07-21 12:40 . 2001-08-17 11:00 54272 ----a-w- c:\windows\system32\drivers\swmidi.sys
2009-07-21 12:40 . 2004-08-03 19:39 142464 -c--a-w- c:\windows\system32\dllcache\aec.sys
2009-07-21 12:40 . 2004-08-03 19:39 142464 ----a-w- c:\windows\system32\drivers\aec.sys
2009-07-21 12:40 . 2004-08-03 20:07 171776 -c--a-w- c:\windows\system32\dllcache\kmixer.sys
2009-07-21 12:40 . 2004-08-03 20:07 171776 ----a-w- c:\windows\system32\drivers\kmixer.sys
2009-07-21 12:33 . 2005-11-16 05:41 114688 ----a-r- c:\windows\system32\Uci32103.dll
2009-07-21 12:33 . 2009-07-21 12:33 -------- d-----w- c:\program files\CONEXANT
2009-07-21 12:33 . 2005-10-05 04:57 12544 ----a-r- c:\windows\system32\drivers\mdmxsdk.sys
2009-07-21 12:33 . 2005-10-05 04:56 86016 ----a-r- c:\windows\system32\mdmxsdk.dll
2009-07-21 12:33 . 2005-12-01 07:40 936960 ----a-r- c:\windows\system32\drivers\HSX_DPV.sys
2009-07-21 12:33 . 2005-12-01 07:40 192512 ----a-r- c:\windows\system32\drivers\HSXHWAZL.sys
2009-07-21 12:33 . 2005-12-01 07:40 669696 ----a-r- c:\windows\system32\drivers\HSX_CNXT.sys
2009-07-21 12:33 . 2004-08-03 21:55 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
2009-07-21 12:33 . 2004-08-03 21:55 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-07-21 12:33 . 2004-08-03 20:08 60288 -c--a-w- c:\windows\system32\dllcache\drmk.sys
2009-07-21 12:33 . 2004-08-03 20:08 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-07-21 12:29 . 2009-07-21 12:29 -------- d-----w- c:\windows\system32\vmm32
2009-07-21 12:09 . 2009-07-21 12:09 -------- d-----w- c:\program files\No-IP
2009-07-21 12:02 . 2009-07-21 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-07-20 12:16 . 2009-07-21 12:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TechSmith
2009-07-20 12:16 . 2009-07-20 12:16 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-20 12:16 . 2008-07-10 10:56 107864 ----a-w- c:\windows\system32\tsccvid.dll
2009-07-20 12:16 . 2009-07-20 12:16 -------- d-----w- c:\windows\system32\QuickTime
2009-07-20 12:15 . 2009-07-20 12:15 -------- d-----w- c:\windows\system32\Flash
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-01-02 20:43 . 2009-07-20 11:13 77176 ----a-w- c:\windows\Fonts\SC_OUHOD.ttf
2016-12-30 15:03 . 2009-07-20 11:13 63168 ----a-w- c:\windows\Fonts\SC_HANI.ttf
2016-12-30 15:02 . 2009-07-20 11:13 75820 ----a-w- c:\windows\Fonts\SC_DUBAI.ttf
2009-07-29 23:08 . 2009-07-21 13:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\DMCache
2009-07-29 23:05 . 2001-09-19 10:00 52520 ----a-w- c:\windows\system32\perfc001.dat
2009-07-29 23:05 . 2001-09-19 10:00 280548 ----a-w- c:\windows\system32\perfh001.dat
2009-07-21 13:17 . 2009-07-21 13:17 198064 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-07-21 12:39 . 2009-07-21 12:39 -------- d-----w- c:\program files\SigmaTel
2009-07-21 12:29 . 2009-07-20 09:37 -------- d-----w- c:\program files\Dell
2009-07-21 12:28 . 2009-07-20 10:06 -------- d-----w- c:\program files\Creative
2009-07-21 12:27 . 2009-07-20 10:10 5477 ----a-w- c:\windows\system32\drivers\ltmjun.sys
2009-07-21 12:17 . 2009-07-20 10:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2009-07-20 11:16 . 2009-07-20 11:16 16299862 ------w- C:\$Persi0.sys
2009-07-20 11:16 . 2009-07-20 11:16 -------- d-----w- c:\program files\Faronics
2009-07-20 11:14 . 2009-07-20 11:14 -------- d-----w- c:\program files\Windows Live
2009-07-20 11:14 . 2009-07-20 11:14 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-20 11:14 . 2009-07-20 10:44 -------- d-----w- c:\program files\MSN Messenger
2009-07-20 11:14 . 2009-07-20 11:09 129064 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-20 11:13 . 2009-07-20 11:13 -------- d-----w- c:\program files\Internet Download Manager
2009-07-20 11:13 . 2009-07-20 11:13 -------- d-----w- c:\program files\.Tonec Inc
2009-07-20 10:57 . 2009-07-20 10:57 -------- d-----w- c:\program files\Microsoft.NET
2009-07-20 10:52 . 2009-07-20 10:52 -------- d-----w- c:\program files\Paltalk Messenger
2009-07-20 10:52 . 2009-07-20 10:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Paltalk
2009-07-20 10:51 . 2009-07-20 10:51 -------- d-----w- c:\program files\Common Files\Skype
2009-07-20 10:51 . 2009-07-20 10:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-20 10:51 . 2009-07-20 10:51 -------- d-----w- c:\program files\Skype
2009-07-20 10:50 . 2009-07-20 10:50 -------- d-----w- c:\program files\mpegable
2009-07-20 10:50 . 2009-07-20 10:50 47104 ------w- c:\windows\AKDeInstall.exe
2009-07-20 10:49 . 2009-07-20 09:03 2048 --s-a-w- c:\windows\bootstet.dat
2009-07-20 10:35 . 2009-07-20 10:34 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-07-20 10:34 . 2009-07-20 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-07-20 10:34 . 2009-07-20 10:34 -------- d-----w- c:\program files\ACD Systems
2009-07-20 10:32 . 2009-07-20 10:31 -------- d-----w- c:\program files\The KMPlayer
2009-07-20 10:30 . 2009-07-20 10:30 -------- d-----w- c:\program files\Google
2009-07-20 10:30 . 2009-07-20 10:30 -------- d-----w- c:\program files\GRETECH
2009-07-20 10:29 . 2009-07-20 10:29 0 ----a-w- c:\windows\nsreg.dat
2009-07-20 10:27 . 2009-07-20 10:27 -------- d-----w- c:\program files\Yahoo!
2009-07-20 10:18 . 2009-07-20 10:19 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-20 10:18 . 2009-07-20 10:18 -------- d-----w- c:\program files\Java
2009-07-20 10:13 . 2009-07-20 10:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-07-20 10:12 . 2009-07-20 10:11 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-20 10:11 . 2009-07-20 10:11 -------- d-----w- c:\program files\VideoLAN
2009-07-20 10:06 . 2009-07-20 09:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-20 09:53 . 2009-07-20 09:53 -------- d-----w- c:\program files\Marvell
2009-07-20 09:53 . 2009-07-20 09:37 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-20 09:53 . 2009-07-20 09:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\TMP
2009-07-20 09:44 . 2009-07-20 09:44 -------- d-----w- c:\program files\Intel
2009-07-20 09:42 . 2009-07-20 09:42 -------- d-----w- c:\program files\Broadcom
2009-07-20 09:35 . 2009-07-20 09:35 -------- d-----w- c:\program files\WIDCOMM
2009-07-20 09:01 . 2009-07-20 09:01 -------- d-----w- c:\program files\microsoft frontpage
2009-07-20 09:00 . 2009-07-20 09:00 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-20 08:57 . 2009-07-20 08:57 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2009-01-20 05:18 . 2009-07-20 10:28 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
------- Sigcheck -------
[-] 2008-01-07 15:15 1547776 D74083DCEC51D5291EF24D8D055D133A c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2009-4-17 7226184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
2007-06-28 17:39 65536 ----a-w- c:\windows\system32\LogonDll.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C /k
*
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalStart.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\PalStart.lnk
backup=c:\windows\pss\PalStart.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Snagit 9.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Snagit 9.lnk
backup=c:\windows\pss\Snagit 9.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\تعريفات جهازي\\MyDrivers.exe"=
"d:\\تعريف الصوت مجرب\\تعريف الصوت للديل.exe"=
"c:\\WINDOWS\\system32\\WLTRAY.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\برامج1430هـ\\snagit9.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jqsnotify.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [28/06/2007 08:45 م 131472]
R0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [07/01/2008 11:19 ص 124928]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v9k6xppv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-07-30 02:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(548)
c:\windows\system32\LogonDll.dll
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'explorer.exe'(2656)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\TechSmith\Snagit 9\TscHelp.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\TechSmith\Snagit 9\SnagPriv.exe
c:\program files\TechSmith\Snagit 9\SnagitEditor.exe
c:\program files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-29 2:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-29 23:10
Pre-Run: 15,799,488,512 bytes free
Post-Run: 15,790,407,680 bytes free
218
ComboFix 09-07-29.03 - Administrator 07/30/2009 2:04.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.1014.677 [GMT 3:00]
Running from: d:\فحص الجهاز\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\ed185.msp
c:\windows\Installer\ed186.msp
c:\windows\Installer\ed187.msp
c:\windows\Installer\ed188.msp
c:\windows\Installer\ed189.msp
c:\windows\Installer\ed18a.msp
c:\windows\Installer\ed18b.msp
c:\windows\Installer\ed18c.msp
c:\windows\Installer\ed18d.msp
c:\windows\linkinfo.dll
c:\windows\system32\drivers\cdralw.sys
c:\windows\system32\wmdrtc32.dl_
c:\windows\system32\wmdrtc32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3360PR
-------\Legacy_CDRALW
-------\Service_asc3360pr
-------\Service_cdralw
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-29 )))))))))))))))))))))))))))))))
.
2009-07-21 13:17 . 2009-07-21 13:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\IDM
2009-07-21 13:15 . 2009-07-21 13:15 -------- d-----w- c:\program files\TechSmith
2009-07-21 13:12 . 2009-07-21 13:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-21 12:40 . 2004-08-03 20:07 6400 -c--a-w- c:\windows\system32\dllcache\splitter.sys
2009-07-21 12:40 . 2004-08-03 20:07 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-07-21 12:40 . 2004-08-03 20:15 82944 -c--a-w- c:\windows\system32\dllcache\wdmaud.sys
2009-07-21 12:40 . 2004-08-03 20:15 82944 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2009-07-21 12:40 . 2004-08-03 20:07 52864 -c--a-w- c:\windows\system32\dllcache\dmusic.sys
2009-07-21 12:40 . 2004-08-03 20:07 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2009-07-21 12:40 . 2001-08-17 11:00 54272 -c--a-w- c:\windows\system32\dllcache\swmidi.sys
2009-07-21 12:40 . 2001-08-17 11:00 54272 ----a-w- c:\windows\system32\drivers\swmidi.sys
2009-07-21 12:40 . 2004-08-03 19:39 142464 -c--a-w- c:\windows\system32\dllcache\aec.sys
2009-07-21 12:40 . 2004-08-03 19:39 142464 ----a-w- c:\windows\system32\drivers\aec.sys
2009-07-21 12:40 . 2004-08-03 20:07 171776 -c--a-w- c:\windows\system32\dllcache\kmixer.sys
2009-07-21 12:40 . 2004-08-03 20:07 171776 ----a-w- c:\windows\system32\drivers\kmixer.sys
2009-07-21 12:33 . 2005-11-16 05:41 114688 ----a-r- c:\windows\system32\Uci32103.dll
2009-07-21 12:33 . 2009-07-21 12:33 -------- d-----w- c:\program files\CONEXANT
2009-07-21 12:33 . 2005-10-05 04:57 12544 ----a-r- c:\windows\system32\drivers\mdmxsdk.sys
2009-07-21 12:33 . 2005-10-05 04:56 86016 ----a-r- c:\windows\system32\mdmxsdk.dll
2009-07-21 12:33 . 2005-12-01 07:40 936960 ----a-r- c:\windows\system32\drivers\HSX_DPV.sys
2009-07-21 12:33 . 2005-12-01 07:40 192512 ----a-r- c:\windows\system32\drivers\HSXHWAZL.sys
2009-07-21 12:33 . 2005-12-01 07:40 669696 ----a-r- c:\windows\system32\drivers\HSX_CNXT.sys
2009-07-21 12:33 . 2004-08-03 21:55 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
2009-07-21 12:33 . 2004-08-03 21:55 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-07-21 12:33 . 2004-08-03 20:08 60288 -c--a-w- c:\windows\system32\dllcache\drmk.sys
2009-07-21 12:33 . 2004-08-03 20:08 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-07-21 12:29 . 2009-07-21 12:29 -------- d-----w- c:\windows\system32\vmm32
2009-07-21 12:09 . 2009-07-21 12:09 -------- d-----w- c:\program files\No-IP
2009-07-21 12:02 . 2009-07-21 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-07-20 12:16 . 2009-07-21 12:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TechSmith
2009-07-20 12:16 . 2009-07-20 12:16 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-20 12:16 . 2008-07-10 10:56 107864 ----a-w- c:\windows\system32\tsccvid.dll
2009-07-20 12:16 . 2009-07-20 12:16 -------- d-----w- c:\windows\system32\QuickTime
2009-07-20 12:15 . 2009-07-20 12:15 -------- d-----w- c:\windows\system32\Flash
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-01-02 20:43 . 2009-07-20 11:13 77176 ----a-w- c:\windows\Fonts\SC_OUHOD.ttf
2016-12-30 15:03 . 2009-07-20 11:13 63168 ----a-w- c:\windows\Fonts\SC_HANI.ttf
2016-12-30 15:02 . 2009-07-20 11:13 75820 ----a-w- c:\windows\Fonts\SC_DUBAI.ttf
2009-07-29 23:08 . 2009-07-21 13:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\DMCache
2009-07-29 23:05 . 2001-09-19 10:00 52520 ----a-w- c:\windows\system32\perfc001.dat
2009-07-29 23:05 . 2001-09-19 10:00 280548 ----a-w- c:\windows\system32\perfh001.dat
2009-07-21 13:17 . 2009-07-21 13:17 198064 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-07-21 12:39 . 2009-07-21 12:39 -------- d-----w- c:\program files\SigmaTel
2009-07-21 12:29 . 2009-07-20 09:37 -------- d-----w- c:\program files\Dell
2009-07-21 12:28 . 2009-07-20 10:06 -------- d-----w- c:\program files\Creative
2009-07-21 12:27 . 2009-07-20 10:10 5477 ----a-w- c:\windows\system32\drivers\ltmjun.sys
2009-07-21 12:17 . 2009-07-20 10:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2009-07-20 11:16 . 2009-07-20 11:16 16299862 ------w- C:\$Persi0.sys
2009-07-20 11:16 . 2009-07-20 11:16 -------- d-----w- c:\program files\Faronics
2009-07-20 11:14 . 2009-07-20 11:14 -------- d-----w- c:\program files\Windows Live
2009-07-20 11:14 . 2009-07-20 11:14 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-20 11:14 . 2009-07-20 10:44 -------- d-----w- c:\program files\MSN Messenger
2009-07-20 11:14 . 2009-07-20 11:09 129064 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-20 11:13 . 2009-07-20 11:13 -------- d-----w- c:\program files\Internet Download Manager
2009-07-20 11:13 . 2009-07-20 11:13 -------- d-----w- c:\program files\.Tonec Inc
2009-07-20 10:57 . 2009-07-20 10:57 -------- d-----w- c:\program files\Microsoft.NET
2009-07-20 10:52 . 2009-07-20 10:52 -------- d-----w- c:\program files\Paltalk Messenger
2009-07-20 10:52 . 2009-07-20 10:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Paltalk
2009-07-20 10:51 . 2009-07-20 10:51 -------- d-----w- c:\program files\Common Files\Skype
2009-07-20 10:51 . 2009-07-20 10:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-20 10:51 . 2009-07-20 10:51 -------- d-----w- c:\program files\Skype
2009-07-20 10:50 . 2009-07-20 10:50 -------- d-----w- c:\program files\mpegable
2009-07-20 10:50 . 2009-07-20 10:50 47104 ------w- c:\windows\AKDeInstall.exe
2009-07-20 10:49 . 2009-07-20 09:03 2048 --s-a-w- c:\windows\bootstet.dat
2009-07-20 10:35 . 2009-07-20 10:34 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-07-20 10:34 . 2009-07-20 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-07-20 10:34 . 2009-07-20 10:34 -------- d-----w- c:\program files\ACD Systems
2009-07-20 10:32 . 2009-07-20 10:31 -------- d-----w- c:\program files\The KMPlayer
2009-07-20 10:30 . 2009-07-20 10:30 -------- d-----w- c:\program files\Google
2009-07-20 10:30 . 2009-07-20 10:30 -------- d-----w- c:\program files\GRETECH
2009-07-20 10:29 . 2009-07-20 10:29 0 ----a-w- c:\windows\nsreg.dat
2009-07-20 10:27 . 2009-07-20 10:27 -------- d-----w- c:\program files\Yahoo!
2009-07-20 10:18 . 2009-07-20 10:19 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-20 10:18 . 2009-07-20 10:18 -------- d-----w- c:\program files\Java
2009-07-20 10:13 . 2009-07-20 10:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-07-20 10:12 . 2009-07-20 10:11 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-20 10:11 . 2009-07-20 10:11 -------- d-----w- c:\program files\VideoLAN
2009-07-20 10:06 . 2009-07-20 09:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-20 09:53 . 2009-07-20 09:53 -------- d-----w- c:\program files\Marvell
2009-07-20 09:53 . 2009-07-20 09:37 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-20 09:53 . 2009-07-20 09:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\TMP
2009-07-20 09:44 . 2009-07-20 09:44 -------- d-----w- c:\program files\Intel
2009-07-20 09:42 . 2009-07-20 09:42 -------- d-----w- c:\program files\Broadcom
2009-07-20 09:35 . 2009-07-20 09:35 -------- d-----w- c:\program files\WIDCOMM
2009-07-20 09:01 . 2009-07-20 09:01 -------- d-----w- c:\program files\microsoft frontpage
2009-07-20 09:00 . 2009-07-20 09:00 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-20 08:57 . 2009-07-20 08:57 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2009-01-20 05:18 . 2009-07-20 10:28 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
------- Sigcheck -------
[-] 2008-01-07 15:15 1547776 D74083DCEC51D5291EF24D8D055D133A c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2009-4-17 7226184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
2007-06-28 17:39 65536 ----a-w- c:\windows\system32\LogonDll.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C /k
*[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalStart.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\PalStart.lnk
backup=c:\windows\pss\PalStart.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Snagit 9.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Snagit 9.lnk
backup=c:\windows\pss\Snagit 9.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\تعريفات جهازي\\MyDrivers.exe"=
"d:\\تعريف الصوت مجرب\\تعريف الصوت للديل.exe"=
"c:\\WINDOWS\\system32\\WLTRAY.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\برامج1430هـ\\snagit9.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jqsnotify.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [28/06/2007 08:45 م 131472]
R0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [07/01/2008 11:19 ص 124928]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v9k6xppv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-07-30 02:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(548)
c:\windows\system32\LogonDll.dll
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'explorer.exe'(2656)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\TechSmith\Snagit 9\TscHelp.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\TechSmith\Snagit 9\SnagPriv.exe
c:\program files\TechSmith\Snagit 9\SnagitEditor.exe
c:\program files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-29 2:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-29 23:10
Pre-Run: 15,799,488,512 bytes free
Post-Run: 15,790,407,680 bytes free
218
تأييد
0
صمت السكوت
زيزوومى محترف
- إنضم
- 3 أبريل 2008
- المشاركات
- 5,058
- مستوى التفاعل
- 53
- النقاط
- 830
غير متصل
اعمل تقرير هايجاك جديد
توقيع : صمت السكوت
تأييد
0
زمن النسيان
زيزوومى متألق
غير متصل
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:19:09 ص, on 30/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
D:\فحص الجهاز\avira_antivir_premium_en.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\basic\presetup.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\basic\setup.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\basic\fact.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 4937 bytes
Scan saved at 02:19:09 ص, on 30/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
D:\فحص الجهاز\avira_antivir_premium_en.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\basic\presetup.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\basic\setup.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\basic\fact.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 4937 bytes
تأييد
0
صمت السكوت
زيزوومى محترف
- إنضم
- 3 أبريل 2008
- المشاركات
- 5,058
- مستوى التفاعل
- 53
- النقاط
- 830
غير متصل
عطل استعادة النظام حسب الشرح التالي
ثم
حمل اداة الكاسبر من الرابط التالي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
او من هنا
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
او من هنا
http://rapidshare.com/files/240376407/setup_7.0.0.290_03.06.2009_00-52.rar
بعد التحميل ،، دبل كلك وسيتم استخراج ملف الاداة الى مجلد بسطح المكتب لحظات وتبدأ الاداة بالعمل
تابع الشرح لفحص الجهاز وتنظيفه وارفاق التقرير
ثم قم بضغط التقرير ورفعه هنا>>>>
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
توقيع : صمت السكوت
تأييد
0
زمن النسيان
زيزوومى متألق
غير متصل
بعد ان اضغط على البرنامج يظهر مجلد ع سطح المكتب
اذا ضغطت على الاداة اللي ع شكل كاسبر مايطلع شي لكن يظهر ملف في قائمة بدء التشغيل ولايعمل بايقونة كاسبر
واسم
is-o09ve
اذا ضغطت على الاداة اللي ع شكل كاسبر مايطلع شي لكن يظهر ملف في قائمة بدء التشغيل ولايعمل بايقونة كاسبر
واسم
is-o09ve
تأييد
0