يطلع لي في المتصفح Hacked by X4X

المصدر: يطلع لي في المتصفح Hacked by X4X
في منتدى : منتدى مشاكـل وحلول الحـاسب

السلام عليكم
لما افتح صفحة جديدة يطلع لي في شريط العنوان Hacked by X4X ويحولني على الموقع ذا اللي لما افتحه يفتح لي صفحة قوقل تم التحرير
compaq
علما أن الفورمات لم ينفع..
فهل يعني ذلك أن الهكر يستطيع معرفة كل ماقوم به على جهازي من كلمات سر ويوزرات؟
وايش الحل لهذي المشكلة؟

 

حمل هذا البرنامج
http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير ==> انسخه والصقه بردك القادم​

 

تفضل هذا هو التقرير

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:11:15 م, on 02/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\igfxext.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\سطح المكتب\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/alrefai/login.live.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = .-~= Hacked by X4X =~-.
R3 - URLSearchHook: arab stars Toolbar - {449c8ac4-2ac7-4bfd-bd9e-ad5c5dddc044} - C:\Program Files\arab_stars\tbarab.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: arab stars Toolbar - {449c8ac4-2ac7-4bfd-bd9e-ad5c5dddc044} - C:\Program Files\arab_stars\tbarab.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: arab stars Toolbar - {449c8ac4-2ac7-4bfd-bd9e-ad5c5dddc044} - C:\Program Files\arab_stars\tbarab.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\win.exe
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 6137 bytes

 

O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg



احذف هذة القيمة

 

نظراً لعدم ايذآء الأخرين قمت بتحرير الرابط ..
بالتوفيق
​

 

من وين احذفها؟؟ من البرنامج اللي اعطاني التقرير والا من وين؟؟

 

عزيزي احذف هالقيم >>>>>>>> تاكد من اغلاق جميع الصفحات

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/alrefai/login.live.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = .-~= Hacked by X4X =~-.

R3 - URLSearchHook: arab stars Toolbar - {449c8ac4-2ac7-4bfd-bd9e-ad5c5dddc044} - C:\Program Files\arab_stars\tbarab.dll

O2 - BHO: arab stars Toolbar - {449c8ac4-2ac7-4bfd-bd9e-ad5c5dddc044} - C:\Program Files\arab_stars\tbarab.dll

O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\win.exe

O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg



=========

طريقة الحذف
​

​

=================================​

استخدم هذه الاداة للتنظيف

http://www.atribune.org/ccount/click.php?id=1

​

​

​

​

بعدها اعمل اعادة تشغيل​

​

​

(1)
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك
http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم

​

​

 

هذا التقرير حق الاداة مع العلم إنه اعطاني التقرير بدون مايعيد الجهاز

ComboFix 09-08-01.06 - Administrator 08/02/2009 18:11.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.1980.1582 [GMT 3:00]
Running from: c:\documents and settings\Administrator\سطح المكتب\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\Administrator\قائمة ابدأ\البرامج\System Security
c:\documents and settings\Administrator\قائمة ابدأ\البرامج\System Security\System Security
c:\documents and settings\Administrator\Application Data\wiaserva.log
c:\windows\system32\win.exe
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))
.
2009-07-29 20:02 . 2009-07-29 20:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\arab_stars
2009-07-29 20:02 . 2009-07-29 20:02 -------- d-----w- c:\program files\Conduit
2009-07-29 20:02 . 2009-07-29 20:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Conduit
2009-07-29 20:02 . 2009-08-02 14:55 -------- d-----w- c:\program files\arab_stars
2009-07-29 16:54 . 2009-07-29 16:54 -------- d-----w- c:\windows\system32\LogFiles
2009-07-29 14:56 . 2009-07-29 14:56 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-29 14:47 . 2009-07-29 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-29 09:15 . 2009-07-29 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\11149064
2009-07-28 11:48 . 2009-07-28 11:48 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-09 00:58 . 2009-07-09 00:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 15:11 . 2001-09-19 12:00 41274 ----a-w- c:\windows\system32\perfc001.dat
2009-08-02 15:11 . 2001-09-19 12:00 254598 ----a-w- c:\windows\system32\perfh001.dat
2009-08-02 14:07 . 2009-06-30 12:26 -------- d-----w- c:\program files\Google
2009-08-01 18:40 . 2009-06-29 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-28 12:16 . 2009-06-29 13:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2009-07-16 23:15 . 2009-06-29 13:16 -------- d-----w- c:\program files\Launch Manager
2009-07-03 16:37 . 2009-06-28 20:35 49280 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-30 12:30 . 2009-06-30 12:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-06-29 13:45 . 2009-06-29 13:45 10520 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-29 13:45 . 2009-06-29 13:45 75272 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-29 13:44 . 2009-06-29 13:44 96520 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-29 13:44 . 2009-06-29 13:44 26184 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-29 13:44 . 2009-06-30 12:05 796440 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-06-29 13:44 . 2009-06-30 12:05 697088 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-06-29 13:44 . 2009-06-30 12:05 488728 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgiproxy.exe
2009-06-29 13:44 . 2009-06-30 12:05 1019672 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-06-29 13:44 . 2009-06-29 13:44 -------- d-----w- c:\program files\AVG
2009-06-29 13:32 . 2009-06-29 13:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-06-29 13:32 . 2009-06-29 13:32 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-06-29 13:32 . 2009-06-29 13:32 -------- d-----w- c:\program files\Apoint2K
2009-06-29 12:34 . 2009-06-29 12:34 -------- d-----w- c:\program files\CONEXANT
2009-06-29 12:10 . 2009-06-29 12:10 -------- d-----w- c:\program files\Broadcom
2009-06-29 12:07 . 2009-06-29 08:01 -------- d-----w- c:\program files\Realtek
2009-06-29 12:07 . 2009-06-29 10:52 125 ----a-w- c:\windows\xUninstall.bat
2009-06-29 10:52 . 2009-06-28 20:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-29 08:58 . 2009-06-29 08:58 -------- d-----w- c:\program files\DIFX
2009-06-29 08:08 . 2009-06-29 08:08 -------- d-----w- c:\program files\Synaptics
2009-06-29 08:01 . 2009-06-29 08:01 315392 ----a-w- c:\windows\HideWin.exe
2009-06-29 07:55 . 2009-06-29 07:55 -------- d-----w- c:\program files\Intel
2009-06-28 20:59 . 2009-06-28 20:59 -------- d-----w- c:\program files\VideoLAN
2009-06-28 20:58 . 2009-06-28 20:58 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-28 20:57 . 2009-06-28 20:57 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-28 20:57 . 2009-06-28 20:56 -------- d-----w- c:\program files\Real
2009-06-28 20:56 . 2009-06-28 20:56 -------- d-----w- c:\program files\Common Files\Real
2009-06-28 20:56 . 2003-03-18 17:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-28 20:56 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-28 20:55 . 2009-06-28 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-06-28 20:54 . 2009-06-28 20:54 -------- d-----w- c:\program files\CyberLink
2009-06-28 20:54 . 2009-06-28 20:51 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-28 20:52 . 2009-06-28 20:51 -------- d-----w- c:\program files\NewTech Infosystems
2009-06-28 20:52 . 2009-06-28 20:52 1024 ---h--r- c:\windows\system32\NTIBUN4.dll
2009-06-28 20:52 . 2009-06-28 20:52 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-06-28 20:51 . 2009-06-28 20:51 -------- d-----w- c:\program files\Common Files\NewTech Infosystems
2009-06-28 20:51 . 2009-06-28 20:51 1024 ---h--r- c:\windows\system32\NTIMPEG2.dll
2009-06-28 20:51 . 2009-06-28 20:51 1024 ---h--r- c:\windows\system32\NTIMP3.dll
2009-06-28 20:51 . 2009-06-28 20:51 1024 ---h--r- c:\windows\system32\NTIFCD3.dll
2009-06-28 20:51 . 2009-06-28 20:51 1024 ---h--r- c:\windows\system32\NTICDMK7.dll
2009-06-28 20:51 . 2009-06-28 20:51 6144 ----a-w- c:\windows\system32\drivers\NTIDrvr.sys
2009-06-28 20:49 . 2009-06-28 20:49 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-28 20:49 . 2009-06-28 20:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\InterTrust
2009-06-28 20:44 . 2009-06-28 20:44 -------- d-----w- c:\program files\Microsoft.NET
2009-06-28 20:21 . 2009-06-28 19:53 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-28 19:54 . 2009-06-28 19:54 -------- d-----w- c:\program files\microsoft frontpage
2009-06-28 19:51 . 2009-06-28 19:51 22144 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-13 39408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-28 185896]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1032192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-01 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-01 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-01 141848]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-02 850440]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-29 1177368]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-26 16862720]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-29 13:45 10520 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [29/06/2009 04:44 م 96520]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [29/06/2009 04:44 م 902424]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [29/06/2009 04:44 م 282904]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [29/06/2009 04:45 م 75272]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [29/06/2009 04:11 م 110080]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [29/06/2009 01:52 م 93968]
S2 ezwtdbh;Task Center;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 12:56 ص 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezwtdbh
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{449c8ac4-2ac7-4bfd-bd9e-ad5c5dddc044} - (no file)
WebBrowser-{449C8AC4-2AC7-4BFD-BD9E-AD5C5DDDC044} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.freewebtown.com/alrefai/login.live.html
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-02 18:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ezwtdbh]
"ServiceDll"="c:\windows\system32\fomtsh.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Unimodem\DeviceSpecific\  EH/E *BJ'3J *9(1 *'1*('7 *B*l*u*e*t*o*o*t*h*:*:*  'DGH'*A *'D.DHJ) *'DBJ'3J):*:*M*i*c*r*o*s*o*f*t*\Responses]
"<cr>"=hex:01,00,00,00,00,00,00,00,00,00
"<lf>"=hex:01,00,00,00,00,00,00,00,00,00
"<cr><lf>OK<cr><lf>"=hex:00,00,00,00,00,00,00,00,00,00
"<cr><lf>RING<cr><lf>"=hex:08,00,00,00,00,00,00,00,00,00
"<cr><lf>NO CARRIER<cr><lf>"=hex:04,00,00,00,00,00,00,00,00,00
"<cr><lf>ERROR<cr><lf>"=hex:03,00,00,00,00,00,00,00,00,00
"<cr><lf>NO DIALTONE<cr><lf>"=hex:05,00,00,00,00,00,00,00,00,00
"<cr><lf>BUSY<cr><lf>"=hex:06,00,00,00,00,00,00,00,00,00
"<cr><lf>NO ANSWER<cr><lf>"=hex:07,00,00,00,00,00,00,00,00,00
"<cr><lf>CONNECT<cr><lf>"=hex:02,00,00,00,00,00,00,00,00,00
"0<cr>"=hex:00,00,00,00,00,00,00,00,00,00
"2<cr>"=hex:08,00,00,00,00,00,00,00,00,00
"3<cr>"=hex:04,00,00,00,00,00,00,00,00,00
"4<cr>"=hex:03,00,00,00,00,00,00,00,00,00
"6<cr>"=hex:05,00,00,00,00,00,00,00,00,00
"7<cr>"=hex:06,00,00,00,00,00,00,00,00,00
"8<cr>"=hex:07,00,00,00,00,00,00,00,00,00
"OK"=hex:00,00,00,00,00,00,00,00,00,00
"RING"=hex:08,00,00,00,00,00,00,00,00,00
"NO CARRIER"=hex:04,00,00,00,00,00,00,00,00,00
"ERROR"=hex:03,00,00,00,00,00,00,00,00,00
"NO DIALTONE"=hex:05,00,00,00,00,00,00,00,00,00
"NO DIAL TONE"=hex:05,00,00,00,00,00,00,00,00,00
"BUSY"=hex:06,00,00,00,00,00,00,00,00,00
"NO ANSWER"=hex:07,00,00,00,00,00,00,00,00,00
"FAX"=hex:03,00,00,00,00,00,00,00,00,00
"DATA"=hex:03,00,00,00,00,00,00,00,00,00
"VOICE"=hex:03,00,00,00,00,00,00,00,00,00
"RINGING"=hex:01,00,00,00,00,00,00,00,00,00
"DIALING"=hex:01,00,00,00,00,00,00,00,00,00
"RRING"=hex:01,00,00,00,00,00,00,00,00,00
"DELAYED"=hex:1d,00,00,00,00,00,00,00,00,00
"BLACKLISTED"=hex:1c,00,00,00,00,00,00,00,00,00
"+FCERROR"=hex:03,00,00,00,00,00,00,00,00,00
"CONNECT"=hex:02,00,00,00,00,00,00,00,00,00
"CONNECT/ARQ"=hex:02,02,00,00,00,00,00,00,00,00
"CONNECT/REL"=hex:02,02,00,00,00,00,00,00,00,00
"CONNECT/MNP"=hex:02,02,00,00,00,00,00,00,00,00
"CONNECT/LAP-M"=hex:02,02,00,00,00,00,00,00,00,00
"CONNECT/V42BIS"=hex:02,03,00,00,00,00,00,00,00,00
"CONNECT/V42b"=hex:02,03,00,00,00,00,00,00,00,00
"CONNECT 300"=hex:02,00,2c,01,00,00,00,00,00,00
"CONNECT 300/ARQ"=hex:02,02,2c,01,00,00,00,00,00,00
"CONNECT 300/REL"=hex:02,02,2c,01,00,00,00,00,00,00
"CONNECT 300/MNP"=hex:02,02,2c,01,00,00,00,00,00,00
"CONNECT 300/LAP-M"=hex:02,02,2c,01,00,00,00,00,00,00
"CONNECT 300/V42BIS"=hex:02,03,2c,01,00,00,00,00,00,00
"CONNECT 300/V42b"=hex:02,03,2c,01,00,00,00,00,00,00
"CONNECT 600"=hex:02,00,58,02,00,00,00,00,00,00
"CONNECT 600/ARQ"=hex:02,02,58,02,00,00,00,00,00,00
"CONNECT 600/REL"=hex:02,02,58,02,00,00,00,00,00,00
"CONNECT 600/MNP"=hex:02,02,58,02,00,00,00,00,00,00
"CONNECT 600/LAP-M"=hex:02,02,58,02,00,00,00,00,00,00
"CONNECT 600/V42BIS"=hex:02,03,58,02,00,00,00,00,00,00
"CONNECT 600/V42b"=hex:02,03,58,02,00,00,00,00,00,00
"CONNECT 0600"=hex:02,00,58,02,00,00,00,00,00,00
"CONNECT 0600/ARQ"=hex:02,02,58,02,00,00,00,00,00,00
"CONNECT 0600/REL"=hex:02,02,58,02,00,00,00,00,00,00
"CONNECT 0600/MNP"=hex:02,02,58,02,00,00,00,00,00,00
"CONNECT 0600/LAP-M"=hex:02,02,58,02,00,00,00,00,00,00
"CONNECT 0600/V42BIS"=hex:02,03,58,02,00,00,00,00,00,00
"CONNECT 0600/V42b"=hex:02,03,58,02,00,00,00,00,00,00
"CONNECT 1200"=hex:02,00,b0,04,00,00,00,00,00,00
"CONNECT 1200/ARQ"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200/REL"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200/MNP"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200/LAP-M"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200/V42BIS"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 1200/V42b"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 1200/75"=hex:02,00,b0,04,00,00,00,00,00,00
"CONNECT 1200/75/ARQ"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200/75/REL"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200/75/MNP"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200/75/LAP-M"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200/75/V42BIS"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 1200/75/V42b"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 1200TX/75RX"=hex:02,00,b0,04,00,00,00,00,00,00
"CONNECT 1200TX/75RX/ARQ"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200TX/75RX/REL"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200TX/75RX/MNP"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200TX/75RX/LAP-M"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 1200TX/75RX/V42BIS"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 1200TX/75RX/V42b"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 75/1200"=hex:02,00,b0,04,00,00,00,00,00,00
"CONNECT 75/1200/ARQ"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 75/1200/REL"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 75/1200/MNP"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 75/1200/LAP-M"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 75/1200/V42BIS"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 75/1200/V42b"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 75TX/1200RX"=hex:02,00,b0,04,00,00,00,00,00,00
"CONNECT 75TX/1200RX/ARQ"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 75TX/1200RX/REL"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 75TX/1200RX/MNP"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 75TX/1200RX/LAP-M"=hex:02,02,b0,04,00,00,00,00,00,00
"CONNECT 75TX/1200RX/V42BIS"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 75TX/1200RX/V42b"=hex:02,03,b0,04,00,00,00,00,00,00
"CONNECT 2400"=hex:02,00,60,09,00,00,00,00,00,00
"CONNECT 2400/ARQ"=hex:02,02,60,09,00,00,00,00,00,00
"CONNECT 2400/REL"=hex:02,02,60,09,00,00,00,00,00,00
"CONNECT 2400/MNP"=hex:02,02,60,09,00,00,00,00,00,00
"CONNECT 2400/LAP-M"=hex:02,02,60,09,00,00,00,00,00,00
"CONNECT 2400/V42BIS"=hex:02,03,60,09,00,00,00,00,00,00
"CONNECT 2400/V42b"=hex:02,03,60,09,00,00,00,00,00,00
"CONNECT 4800"=hex:02,00,c0,12,00,00,00,00,00,00
"CONNECT 4800/ARQ"=hex:02,02,c0,12,00,00,00,00,00,00
"CONNECT 4800/REL"=hex:02,02,c0,12,00,00,00,00,00,00
"CONNECT 4800/MNP"=hex:02,02,c0,12,00,00,00,00,00,00
"CONNECT 4800/LAP-M"=hex:02,02,c0,12,00,00,00,00,00,00
"CONNECT 4800/V42BIS"=hex:02,03,c0,12,00,00,00,00,00,00
"CONNECT 4800/V42b"=hex:02,03,c0,12,00,00,00,00,00,00
"CONNECT 7200"=hex:02,00,20,1c,00,00,00,00,00,00
"CONNECT 7200/ARQ"=hex:02,02,20,1c,00,00,00,00,00,00
"CONNECT 7200/REL"=hex:02,02,20,1c,00,00,00,00,00,00
"CONNECT 7200/MNP"=hex:02,02,20,1c,00,00,00,00,00,00
"CONNECT 7200/LAP-M"=hex:02,02,20,1c,00,00,00,00,00,00
"CONNECT 7200/V42BIS"=hex:02,03,20,1c,00,00,00,00,00,00
"CONNECT 7200/V42b"=hex:02,03,20,1c,00,00,00,00,00,00
"CONNECT 9600"=hex:02,00,80,25,00,00,00,00,00,00
"CONNECT 9600/ARQ"=hex:02,02,80,25,00,00,00,00,00,00
"CONNECT 9600/REL"=hex:02,02,80,25,00,00,00,00,00,00
"CONNECT 9600/MNP"=hex:02,02,80,25,00,00,00,00,00,00
"CONNECT 9600/LAP-M"=hex:02,02,80,25,00,00,00,00,00,00
"CONNECT 9600/V42BIS"=hex:02,03,80,25,00,00,00,00,00,00
"CONNECT 9600/V42b"=hex:02,03,80,25,00,00,00,00,00,00
"CONNECT 12000"=hex:02,00,e0,2e,00,00,00,00,00,00
"CONNECT 12000/ARQ"=hex:02,02,e0,2e,00,00,00,00,00,00
"CONNECT 12000/REL"=hex:02,02,e0,2e,00,00,00,00,00,00
"CONNECT 12000/MNP"=hex:02,02,e0,2e,00,00,00,00,00,00
"CONNECT 12000/LAP-M"=hex:02,02,e0,2e,00,00,00,00,00,00
"CONNECT 12000/V42BIS"=hex:02,03,e0,2e,00,00,00,00,00,00
"CONNECT 12000/V42b"=hex:02,03,e0,2e,00,00,00,00,00,00
"CONNECT 14400"=hex:02,00,40,38,00,00,00,00,00,00
"CONNECT 14400/ARQ"=hex:02,02,40,38,00,00,00,00,00,00
"CONNECT 14400/REL"=hex:02,02,40,38,00,00,00,00,00,00
"CONNECT 14400/MNP"=hex:02,02,40,38,00,00,00,00,00,00
"CONNECT 14400/LAP-M"=hex:02,02,40,38,00,00,00,00,00,00
"CONNECT 14400/V42BIS"=hex:02,03,40,38,00,00,00,00,00,00
"CONNECT 14400/V42b"=hex:02,03,40,38,00,00,00,00,00,00
"CONNECT 16800"=hex:02,00,a0,41,00,00,00,00,00,00
"CONNECT 16800/ARQ"=hex:02,02,a0,41,00,00,00,00,00,00
"CONNECT 16800/REL"=hex:02,02,a0,41,00,00,00,00,00,00
"CONNECT 16800/MNP"=hex:02,02,a0,41,00,00,00,00,00,00
"CONNECT 16800/LAP-M"=hex:02,02,a0,41,00,00,00,00,00,00
"CONNECT 16800/V42BIS"=hex:02,03,a0,41,00,00,00,00,00,00
"CONNECT 16800/V42b"=hex:02,03,a0,41,00,00,00,00,00,00
"CONNECT 19200"=hex:02,00,00,4b,00,00,00,00,00,00
"CONNECT 19200/ARQ"=hex:02,02,00,4b,00,00,00,00,00,00
"CONNECT 19200/REL"=hex:02,02,00,4b,00,00,00,00,00,00
"CONNECT 19200/MNP"=hex:02,02,00,4b,00,00,00,00,00,00
"CONNECT 19200/LAP-M"=hex:02,02,00,4b,00,00,00,00,00,00
"CONNECT 19200/V42BIS"=hex:02,03,00,4b,00,00,00,00,00,00
"CONNECT 19200/V42b"=hex:02,03,00,4b,00,00,00,00,00,00
"CONNECT 21600"=hex:02,00,60,54,00,00,00,00,00,00
"CONNECT 21600/ARQ"=hex:02,02,60,54,00,00,00,00,00,00
"CONNECT 21600/REL"=hex:02,02,60,54,00,00,00,00,00,00
"CONNECT 21600/MNP"=hex:02,02,60,54,00,00,00,00,00,00
"CONNECT 21600/LAP-M"=hex:02,02,60,54,00,00,00,00,00,00
"CONNECT 21600/V42BIS"=hex:02,03,60,54,00,00,00,00,00,00
"CONNECT 21600/V42b"=hex:02,03,60,54,00,00,00,00,00,00
"CONNECT 24000"=hex:02,00,c0,5d,00,00,00,00,00,00
"CONNECT 24000/ARQ"=hex:02,02,c0,5d,00,00,00,00,00,00
"CONNECT 24000/REL"=hex:02,02,c0,5d,00,00,00,00,00,00
"CONNECT 24000/MNP"=hex:02,02,c0,5d,00,00,00,00,00,00
"CONNECT 24000/LAP-M"=hex:02,02,c0,5d,00,00,00,00,00,00
"CONNECT 24000/V42BIS"=hex:02,03,c0,5d,00,00,00,00,00,00
"CONNECT 24000/V42b"=hex:02,03,c0,5d,00,00,00,00,00,00
"CONNECT 26400"=hex:02,00,20,67,00,00,00,00,00,00
"CONNECT 26400/ARQ"=hex:02,02,20,67,00,00,00,00,00,00
"CONNECT 26400/REL"=hex:02,02,20,67,00,00,00,00,00,00
"CONNECT 26400/MNP"=hex:02,02,20,67,00,00,00,00,00,00
"CONNECT 26400/LAP-M"=hex:02,02,20,67,00,00,00,00,00,00
"CONNECT 26400/V42BIS"=hex:02,03,20,67,00,00,00,00,00,00
"CONNECT 26400/V42b"=hex:02,03,20,67,00,00,00,00,00,00
"CONNECT 28800"=hex:02,00,80,70,00,00,00,00,00,00
"CONNECT 28800/ARQ"=hex:02,02,80,70,00,00,00,00,00,00
"CONNECT 28800/REL"=hex:02,02,80,70,00,00,00,00,00,00
"CONNECT 28800/MNP"=hex:02,02,80,70,00,00,00,00,00,00
"CONNECT 28800/LAP-M"=hex:02,02,80,70,00,00,00,00,00,00
"CONNECT 28800/V42BIS"=hex:02,03,80,70,00,00,00,00,00,00
"CONNECT 28800/V42b"=hex:02,03,80,70,00,00,00,00,00,00
"CONNECT 38400"=hex:02,00,00,00,00,00,00,96,00,00
"CONNECT 38400/ARQ"=hex:02,02,00,00,00,00,00,96,00,00
"CONNECT 38400/REL"=hex:02,02,00,00,00,00,00,96,00,00
"CONNECT 38400/MNP"=hex:02,02,00,00,00,00,00,96,00,00
"CONNECT 38400/LAP-M"=hex:02,02,00,00,00,00,00,96,00,00
"CONNECT 38400/V42BIS"=hex:02,03,00,00,00,00,00,96,00,00
"CONNECT 38400/V42b"=hex:02,03,00,00,00,00,00,96,00,00
"CONNECT 57600"=hex:02,00,00,00,00,00,00,e1,00,00
"CONNECT 57600/ARQ"=hex:02,02,00,00,00,00,00,e1,00,00
"CONNECT 57600/REL"=hex:02,02,00,00,00,00,00,e1,00,00
"CONNECT 57600/MNP"=hex:02,02,00,00,00,00,00,e1,00,00
"CONNECT 57600/LAP-M"=hex:02,02,00,00,00,00,00,e1,00,00
"CONNECT 57600/V42BIS"=hex:02,03,00,00,00,00,00,e1,00,00
"CONNECT 57600/V42b"=hex:02,03,00,00,00,00,00,e1,00,00
"CONNECT 115200"=hex:02,00,00,00,00,00,00,c2,01,00
"CONNECT 115200/ARQ"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115200/REL"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115200/MNP"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115200/LAP-M"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115200/V42BIS"=hex:02,03,00,00,00,00,00,c2,01,00
"CONNECT 115200/V42b"=hex:02,03,00,00,00,00,00,c2,01,00
"CONNECT 115,200"=hex:02,00,00,00,00,00,00,c2,01,00
"CONNECT 115,200/ARQ"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115,200/REL"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115,200/MNP"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115,200/LAP-M"=hex:02,02,00,00,00,00,00,c2,01,00
"CONNECT 115,200/V42BIS"=hex:02,03,00,00,00,00,00,c2,01,00
"CONNECT 115,200/V42b"=hex:02,03,00,00,00,00,00,c2,01,00
"CONNECT 230400"=hex:02,00,00,00,00,00,00,84,03,00
"CONNECT 230400/ARQ"=hex:02,02,00,00,00,00,00,84,03,00
"CONNECT 230400/REL"=hex:02,02,00,00,00,00,00,84,03,00
"CONNECT 230400/MNP"=hex:02,02,00,00,00,00,00,84,03,00
"CONNECT 230400/LAP-M"=hex:02,02,00,00,00,00,00,84,03,00
"CONNECT 230400/V42BIS"=hex:02,03,00,00,00,00,00,84,03,00
"CONNECT 230400/V42b"=hex:02,03,00,00,00,00,00,84,03,00
"CARRIER 300"=hex:01,00,2c,01,00,00,00,00,00,00
"CARRIER 1200"=hex:01,00,b0,04,00,00,00,00,00,00
"CARRIER 1200/75"=hex:01,00,b0,04,00,00,00,00,00,00
"CARRIER 75/1200"=hex:01,00,b0,04,00,00,00,00,00,00
"CARRIER 2400"=hex:01,00,60,09,00,00,00,00,00,00
"CARRIER 4800"=hex:01,00,c0,12,00,00,00,00,00,00
"CARRIER 7200"=hex:01,00,20,1c,00,00,00,00,00,00
"CARRIER 9600"=hex:01,00,80,25,00,00,00,00,00,00
"CARRIER 12000"=hex:01,00,e0,2e,00,00,00,00,00,00
"CARRIER 14400"=hex:01,00,40,38,00,00,00,00,00,00
"CARRIER 16800"=hex:01,00,a0,41,00,00,00,00,00,00
"CARRIER 19200"=hex:01,00,00,4b,00,00,00,00,00,00
"CARRIER 21600"=hex:01,00,60,54,00,00,00,00,00,00
"CARRIER 24000"=hex:01,00,c0,5d,00,00,00,00,00,00
"CARRIER 26400"=hex:01,00,20,67,00,00,00,00,00,00
"CARRIER 28800"=hex:01,00,80,70,00,00,00,00,00,00
"COMPRESSION: CLASS 5"=hex:01,03,00,00,00,00,00,00,00,00
"COMPRESSION: MNP5"=hex:01,03,00,00,00,00,00,00,00,00
"COMPRESSION: V.42BIS"=hex:01,03,00,00,00,00,00,00,00,00
"COMPRESSION: V.42 BIS"=hex:01,03,00,00,00,00,00,00,00,00
"COMPRESSION: ADC"=hex:01,01,00,00,00,00,00,00,00,00
"COMPRESSION: NONE"=hex:01,00,00,00,00,00,00,00,00,00
"PROTOCOL: NONE"=hex:01,00,00,00,00,00,00,00,00,00
"PROTOCOL: ERROR-CONTROL/LAPB"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: ERROR-CONTROL/LAPB/HDX"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: ERROR-CONTROL/LAPB/AFT"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: X.25/LAPB"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: X.25/LAPB/HDX"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: X.25/LAPB/AFT"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: LAPM"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: LAP-M"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: LAPM/HDX"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: LAP-M/HDX"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: LAPM/AFT"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: LAP-M/AFT"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: ALT"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: ALT-CELLULAR"=hex:01,0a,00,00,00,00,00,00,00,00
"PROTOCOL: MNP"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: MNP2"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: MNP3"=hex:01,02,00,00,00,00,00,00,00,00
"PROTOCOL: MNP4"=hex:01,02,00,00,00,00,00,00,00,00
"AUTOSTREAM: LEVEL 1"=hex:01,00,00,00,00,00,00,00,00,00
"AUTOSTREAM: LEVEL 2"=hex:01,00,00,00,00,00,00,00,00,00
"AUTOSTREAM: LEVEL 3"=hex:01,00,00,00,00,00,00,00,00,00
"CARRIER 31200 V.23"=hex:01,00,e0,79,00,00,00,00,00,00
"CARRIER 31200"=hex:01,00,e0,79,00,00,00,00,00,00
"CARRIER 31200/VFC"=hex:01,00,e0,79,00,00,00,00,00,00
"CARRIER 33600 V.23"=hex:01,00,40,83,00,00,00,00,00,00
"CARRIER 33600"=hex:01,00,40,83,00,00,00,00,00,00
"CARRIER 33600/VFC"=hex:01,00,40,83,00,00,00,00,00,00
"CONNECT 31200 EC"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200 EC/V42"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200 EC/V42BIS"=hex:02,03,e0,79,00,00,00,00,00,00
"CONNECT 31200 REL"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200 REL/MNP5"=hex:02,03,e0,79,00,00,00,00,00,00
"CONNECT 31200 REL/V42"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200 REL/V42BIS"=hex:02,03,e0,79,00,00,00,00,00,00
"CONNECT 31200"=hex:02,00,e0,79,00,00,00,00,00,00
"CONNECT 31200/ARQ"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200/LAP-M"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200/MNP"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200/REL"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200/REL-LAPM V.42 BIS"=hex:02,03,e0,79,00,00,00,00,00,00
"CONNECT 31200/REL-LAPM"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 31200/V42B"=hex:02,03,e0,79,00,00,00,00,00,00
"CONNECT 31200/V42BIS"=hex:02,03,e0,79,00,00,00,00,00,00
"CONNECT 33600 EC"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600 EC/V42"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600 EC/V42BIS"=hex:02,03,40,83,00,00,00,00,00,00
"CONNECT 33600 REL"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600 REL/MNP5"=hex:02,03,40,83,00,00,00,00,00,00
"CONNECT 33600 REL/V42"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600 REL/V42BIS"=hex:02,03,40,83,00,00,00,00,00,00
"CONNECT 33600"=hex:02,00,40,83,00,00,00,00,00,00
"CONNECT 33600/ARQ"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600/LAP-M"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600/MNP"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600/REL"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600/REL-LAPM V.42 BIS"=hex:02,03,40,83,00,00,00,00,00,00
"CONNECT 33600/REL-LAPM"=hex:02,02,40,83,00,00,00,00,00,00
"CONNECT 33600/V42B"=hex:02,03,40,83,00,00,00,00,00,00
"CONNECT 33600/V42BIS"=hex:02,03,40,83,00,00,00,00,00,00
"CONNECT 31200/REL-MNP"=hex:02,02,e0,79,00,00,00,00,00,00
"CONNECT 33600/REL-MNP"=hex:02,02,40,83,00,00,00,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2009-08-02 18:13
ComboFix-quarantined-files.txt 2009-08-02 15:13
Pre-Run: 31,185,858,560 bytes free
Post-Run: 31,252,779,008 bytes free
468


وهذا تقرير الهايجاك

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:18:20 م, on 02/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Administrator\سطح المكتب\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/alrefai/login.live.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 5464 bytes

 

عزيزي طلبت منك تعطيل برنامج الحماية قبل تشغيل الاداة

على العموم

الان كل شي تمام

هل من مشاكل اخرى ؟؟
​

 

جزاك الله كل خير وغفر الله لك ولوالديك اختفى hacked by x4x
واعذرني ماعرفت كيف اعطله مع العلم انه طلع عندي انه معطل
وممكن طلب اخير ؟
كيف اسكر كل منافذ الهكر

 

[شرح] تعطيل برامج الحماية عن العمل لاستخدام ادوات الصيانة