Status
Closed and not open for further replies.

hasonasaid

A problem, folks, that needs a solution. I opened a strange email
on Hotmail, and then the next day I found Messenger opening automatically,
and it deleted all my contacts. Through one of my friends,
who told me about a method using the Run command, I found out that my computer is hacked. What do I do?
 

Do the following, and quickly.

Do not open any more of your email right now.

Download this program: HijackThis

Then click the button "Do a system scan and save a logfile".
Then copy the contents of the resulting report and paste it into your next reply.


 
Signature: format
Take this command to delete the spyware files.
Go to Start + Run and copy this phrase:
regsvr32.exe -u c:\windows\system32\regwizc.dll
and then press OK.
Your brother / Alawi

 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:06:36 ?, on 16/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Folder Guard\FGKey.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Rapidown\rapidown.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\hasona\LOCALS~1\Temp\Rar$EX00.109\HijackThis.exe
C:\DOCUME~1\hasona\LOCALS~1\Temp\Rar$EX02.843\HijackThis.exe
C:\DOCUME~1\hasona\LOCALS~1\Temp\Rar$EX10.187\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: ????? ????? ?????? ??? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - C:\PROGRA~1\Rapidown\rapi310.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Rapidown.lnk = C:\Program Files\Rapidown\rapidown.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ???? ????? Google (gupdate1c9c145d8c9da42) (gupdate1c9c145d8c9da42) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 5537 bytes
 
I have brought the report, please reassure me.
 
God bless you, guys....
 
God bless you.

I ask you, brothers,

not to let the solutions overlap with one another.

Let's go one step at a time so that the solution is clear to the person with the problem.

Many thanks to you.

Good luck to all.
 
Signature: أعتز بك
Delete the following:

O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)

O4 - Startup: Rapidown.lnk = C:\Program Files\Rapidown\rapidown.exe


 
Signature: format
Deletion method
 
Signature: format
Disable your protection programs.

Download this tool.

When you run it, a message will appear; click >> Yes
After that a second message will appear; click >> Yes
During the scan the computer may be restarted.
After the restart, the tool will start scanning again.
Wait until a report appears; that means the scan has finished. Paste the report in your reply.
 
Signature: format
I did what was asked.

And after that?
 
Download the tool in post number 14

and bring its report.
 
Signature: format
ComboFix 09-05-23.04 - hasona 04/16/2009 13:32.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.20.1033.18.255.75 [GMT 2:00]
Running from: c:\documents and settings\hasona\My Documents\Downloads\Programs\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winitn.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-16 to 2009-04-16 )))))))))))))))))))))))))))))))
.

2009-05-17 10:04 . 2009-05-17 10:04 -------- d-sh--w C:\FOUND.006
2009-05-17 00:32 . 2009-05-17 00:32 -------- d-----w c:\documents and settings\hasona\Tracing
2009-05-17 00:29 . 2009-05-17 00:29 -------- d-----w c:\program files\Microsoft
2009-05-17 00:29 . 2009-05-17 00:29 -------- d-----w c:\program files\Windows Live SkyDrive
2009-05-17 00:28 . 2009-05-17 00:28 -------- d-----w c:\program files\Windows Live
2009-05-17 00:01 . 2009-05-17 00:01 -------- d-----w c:\program files\Common Files\Windows Live
2009-05-11 20:47 . 2009-05-11 20:49 2916720 ----a-w c:\documents and settings\hasona\Application Data\IDM\idmupdt.exe
2009-05-11 20:46 . 2009-05-11 20:49 198064 ----a-w c:\documents and settings\hasona\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-05-10 18:14 . 2009-05-10 18:14 408522 ----a-r c:\documents and settings\hasona\Application Data\Microsoft\Installer\{B435AE22-F62A-4402-A4E5-E612631B92C9}\_4ae13d6c.exe
2009-05-10 18:14 . 2009-05-10 18:14 408522 ----a-r c:\documents and settings\hasona\Application Data\Microsoft\Installer\{B435AE22-F62A-4402-A4E5-E612631B92C9}\_294823.exe
2009-05-10 18:14 . 2009-05-10 18:14 408522 ----a-r c:\documents and settings\hasona\Application Data\Microsoft\Installer\{B435AE22-F62A-4402-A4E5-E612631B92C9}\_18be6784.exe
2009-05-10 18:14 . 2009-05-10 18:14 -------- d-----w c:\program files\JlgSolera
2009-05-08 17:18 . 2009-04-13 15:39 4656976 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-07 19:20 . 2009-05-07 19:20 -------- d-----w c:\program files\Windows Defender
2009-05-07 19:15 . 2008-04-14 10:00 26624 ----a-w c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-05-07 19:12 . 2008-04-14 12:00 221184 ----a-w c:\windows\system32\wmpns.dll
2009-05-07 19:12 . 2009-05-07 19:12 -------- d-----w c:\program files\Windows Media Connect 2
2009-05-07 19:10 . 2009-05-07 19:10 -------- d-----w c:\windows\system32\drivers\UMDF
2009-05-07 08:42 . 2009-03-26 16:35 210352 ----a-w c:\windows\system32\idmmbc.dll
2009-05-06 18:49 . 2009-05-06 18:49 -------- d-sh--w C:\FOUND.005
2009-05-03 14:49 . 2009-05-03 14:49 -------- d-sh--w C:\FOUND.004
2009-05-01 22:34 . 2009-05-01 22:34 -------- d-sh--w C:\FOUND.003
2009-05-01 22:24 . 2009-05-01 22:24 286720 ------w c:\windows\Setup1.exe
2009-05-01 22:24 . 2009-05-01 22:24 73216 ----a-w c:\windows\ST6UNST.EXE
2009-04-30 19:28 . 2009-04-30 19:28 -------- d-----w c:\documents and settings\hasona\Local Settings\Application Data\assembly
2009-04-30 19:24 . 2009-04-30 19:24 -------- d-----w c:\documents and settings\hasona\Local Settings\Application Data\IsolatedStorage
2009-04-30 19:17 . 2009-04-30 19:17 -------- d-----w c:\program files\Virtual Earth 3D
2009-04-26 14:28 . 2009-04-26 14:28 -------- d-sh--w C:\FOUND.002
2009-04-26 11:02 . 2009-04-26 11:02 -------- d-sh--w C:\FOUND.001
2009-04-26 10:45 . 2009-04-26 10:45 -------- d-----w c:\documents and settings\hasona\Local Settings\Application Data\Yahoo
2009-04-26 08:14 . 2009-04-26 08:14 -------- d-----w c:\windows\Sun
2009-04-25 22:54 . 2009-04-25 22:54 152576 ----a-w c:\documents and settings\hasona\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-25 22:54 . 2009-04-25 22:54 -------- d-----w c:\program files\Java
2009-04-25 22:54 . 2009-04-25 22:54 -------- d-----w c:\program files\Common Files\Java
2009-04-24 16:30 . 2009-04-24 16:31 -------- d-----w c:\windows\system32\LogFiles
2009-04-22 20:57 . 2009-04-22 20:57 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-04-22 20:57 . 2009-01-08 16:46 607472 ----a-w c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-04-22 20:57 . 2009-04-22 20:57 -------- d-----w c:\program files\Yahoo!
2009-04-21 16:05 . 2009-04-21 16:05 -------- d-----w c:\documents and settings\hasona\Application Data\NASA
2009-04-21 16:04 . 2009-04-21 16:04 -------- d-----w c:\program files\NASA
2009-04-21 15:30 . 2009-04-21 15:30 -------- d-----w c:\documents and settings\hasona\Application Data\Folder Guard
2009-04-20 22:05 . 2009-04-20 22:05 -------- d-----w c:\program files\Folder Guard
2009-04-20 14:33 . 2009-04-20 14:34 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-04-19 23:32 . 2009-04-30 19:42 1744 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-19 23:23 . 2009-04-19 23:24 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-04-19 23:22 . 2009-04-19 23:22 -------- d-----w c:\documents and settings\hasona\Local Settings\Application Data\Google
2009-04-19 23:13 . 2009-04-19 23:13 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-19 23:13 . 2009-04-19 23:13 -------- d-----w c:\program files\Google
2009-04-19 15:44 . 2009-04-19 15:44 -------- d-----w c:\program files\Download Direct
2009-04-19 12:25 . 2009-04-19 12:25 720896 ----a-w c:\windows\iun6002.exe
2009-04-19 12:25 . 2009-04-19 12:26 -------- d-----w c:\program files\Natural Ambience
2009-04-17 20:32 . 2009-04-17 20:32 -------- d--h--w c:\windows\PIF
2009-04-16 09:58 . 2009-04-16 09:58 -------- d-----w c:\program files\GVR
2009-04-15 17:51 . 2009-04-15 17:51 -------- d-----w c:\program files\Rapidown
2009-04-14 21:35 . 2009-04-14 21:35 -------- d-----w c:\program files\The KMPlayer
2009-04-14 21:19 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-13 22:47 . 2009-04-13 22:47 -------- d-----w c:\program files\Any Audio Converter
2009-04-13 22:23 . 2009-04-13 22:23 -------- d-----w c:\documents and settings\hasona\Local Settings\Application Data\Identities
2009-04-13 16:27 . 2009-05-06 18:06 4784464 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{B64870C8-F3AD-4040-AA59-3A676291AC53}\mpengine.dll
2009-04-12 23:00 . 2008-10-16 12:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-12 20:39 . 2009-04-12 20:39 -------- d-----w c:\program files\Common Files\Adobe
2009-04-12 20:39 . 1998-01-23 10:22 304128 ----a-w c:\windows\IsUninst.exe
2009-04-12 20:39 . 2009-04-12 20:39 -------- d-----w c:\documents and settings\hasona\WINDOWS
2009-04-12 20:38 . 2009-04-12 20:38 -------- d-----w c:\program files\viewsonic
2009-04-12 00:06 . 2009-04-12 00:06 -------- d-s---w c:\documents and settings\hasona\UserData
2009-04-10 18:30 . 2009-04-10 18:30 -------- d-sh--w C:\FOUND.007
2009-04-09 21:40 . 2009-02-06 11:06 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-09 21:40 . 2009-02-06 11:08 2189056 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-09 21:39 . 2009-02-06 10:32 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-09 21:39 . 2009-02-07 17:02 2066048 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-09 21:30 . 2008-06-13 11:05 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-04-09 21:30 . 2008-06-13 11:05 272128 ------w c:\windows\system32\dllcache\bthport.sys
2009-04-09 21:28 . 2008-10-24 11:21 455296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-09 20:48 . 2009-04-09 20:48 -------- d-sh--w C:\FOUND.000
2009-04-07 22:51 . 2007-07-27 07:41 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-07 22:51 . 2009-04-07 22:51 -------- d--h--w c:\windows\$hf_mig$
2009-04-07 22:17 . 2009-04-07 22:17 -------- d--h--w c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-04-07 21:45 . 2009-04-07 21:45 -------- d-----w c:\documents and settings\hasona\Local Settings\Application Data\Apple Computer
2009-04-07 16:48 . 2009-04-07 16:48 53760 ----a-w c:\windows\system\ppacklib.dll
2009-04-07 16:48 . 2006-07-28 23:22 51712 ----a-w c:\windows\system32\coodest.dll
2009-04-07 16:48 . 2009-04-07 16:48 2535424 ----a-w c:\windows\system32\agsaamj.dll
2009-04-07 16:48 . 2009-04-07 16:48 610304 ----a-w c:\windows\system32\agsaamg.dll
2009-04-07 16:48 . 2005-02-15 12:28 339968 ----a-w c:\windows\system32\NCTAudioArrayProcessing3.dll
2009-04-07 16:48 . 2009-04-07 16:48 90112 ----a-w c:\windows\system32\agsaami.dll
2009-04-07 16:48 . 2009-04-07 16:48 372736 ----a-w c:\windows\system32\agsaamc.dll
2009-04-07 16:48 . 2002-01-05 03:40 487424 ----a-w c:\windows\system32\msvcp70.dll
2009-04-07 16:48 . 2009-04-07 16:48 237568 ----a-w c:\windows\system32\lame_enc.dll
2009-04-07 16:48 . 2009-04-07 16:48 -------- d-----w c:\program files\AML Products
2009-04-07 16:48 . 2002-01-05 04:48 974848 ----a-w c:\windows\system32\mfc70.dll
2009-04-07 16:37 . 2009-05-17 00:31 27848 ----a-w c:\documents and settings\hasona\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-07 16:29 . 2009-04-07 16:29 -------- d-----w c:\documents and settings\hasona\Application Data\AccurateRip
2009-04-07 16:08 . 2009-04-07 16:08 13085 ----a-w c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-04-07 16:08 . 2007-04-10 00:15 4140920 ----a-w c:\windows\system32\SpoonUninstall.exe
2009-04-07 16:08 . 2009-04-07 16:08 -------- d-----w c:\program files\Illustrate
2009-04-06 22:55 . 2009-04-06 22:55 -------- d-----w c:\documents and settings\hasona\Application Data\IDM
2009-04-06 22:55 . 2009-04-06 22:55 -------- d-----w c:\documents and settings\hasona\Application Data\DMCache
2009-04-06 22:55 . 2009-04-06 22:55 -------- d-----w c:\program files\Internet Download Manager
2009-04-06 22:31 . 2008-04-14 12:00 85020 ----a-w c:\windows\system32\dllcache\dgsetup.dll
2009-04-06 22:31 . 2008-04-14 12:00 103424 ----a-w c:\windows\system32\dllcache\eqnclass.dll
2009-04-06 22:31 . 2008-04-14 12:00 8704 ----a-w c:\windows\system32\dllcache\batt.dll
2009-04-06 21:47 . 2004-01-22 17:06 157696 ----a-w c:\windows\system32\unrar.dll
2009-04-06 21:46 . 2004-01-27 11:53 1024000 ----a-w c:\windows\system32\3ivx.dll
2009-04-06 21:46 . 2003-06-23 00:44 1415680 ----a-w c:\windows\system32\WMV9VCM.dll
2009-04-06 21:46 . 2004-01-11 22:00 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-06 21:46 . 2003-04-21 13:09 245408 ----a-w c:\windows\system32\unicows.dll
2009-04-06 21:46 . 2002-01-05 11:37 344064 ----a-w c:\windows\system32\msvcr70.dll
2009-04-06 21:46 . 2001-09-17 11:20 19968 ----a-w c:\windows\system32\cpuinf32.dll
2009-04-06 21:40 . 2009-04-06 21:40 -------- d-----w c:\program files\Realtek Sound Manager
2009-04-06 21:40 . 2009-04-06 21:40 -------- d-----w c:\program files\AvRack
2009-04-06 21:39 . 2002-11-21 07:07 765952 ----a-w c:\windows\system\crlds3d.dll
2009-04-06 21:39 . 2002-08-27 08:23 720896 ----a-w c:\windows\system32\dllcache\a3d.dll
2009-04-06 21:39 . 2002-08-27 08:23 720896 ----a-w c:\windows\system32\Audio3D.dll
2009-04-06 21:39 . 2002-08-27 08:23 720896 ----a-w c:\windows\system32\a3d.dll
2009-04-06 21:39 . 2003-08-15 07:53 462684 ----a-w c:\windows\system32\drivers\ALCXWDM.SYS
2009-04-06 21:39 . 2003-08-15 07:34 57344 ----a-w c:\windows\SOUNDMAN.EXE
2009-04-06 21:39 . 2003-08-14 15:16 404736 ----a-w c:\windows\system32\drivers\ALCXSENS.SYS
2009-04-06 21:39 . 2009-04-06 21:39 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-06 21:39 . 2003-07-17 07:09 139264 ------w c:\windows\alcrmv.exe
2009-04-06 21:39 . 2003-07-03 04:54 208896 ------w c:\windows\alcupd.exe
2009-04-06 21:39 . 2009-04-06 21:39 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-06 21:38 . 2009-04-06 21:38 -------- d-----w c:\documents and settings\hasona\Application Data\Media Player Classic
2009-04-06 21:36 . 2009-04-06 21:36 -------- d-----w c:\documents and settings\hasona\Local Settings\Application Data\Real
2009-04-06 21:27 . 2009-04-06 21:27 206088 ----a-w c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-04-06 21:27 . 2009-05-01 21:11 33808 ----a-w c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-04-06 21:27 . 2009-05-01 21:11 226832 ----a-w c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 21:11 . 2008-01-29 15:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-17 21:26 . 2009-04-17 21:26 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-16 11:35 . 2009-04-06 21:08 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-16 11:35 . 2009-04-06 21:08 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-09 21:20 . 2009-04-06 20:42 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-06 20:43 . 2009-04-06 20:43 -------- d-----w c:\program files\microsoft frontpage
2009-04-06 20:39 . 2009-04-06 20:39 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-06 14:22 . 2008-04-14 10:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-02 18:10 . 2009-04-17 21:26 67584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-20 08:11 . 2008-04-14 10:00 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2008-04-14 10:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2008-04-14 10:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2008-04-14 10:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2008-04-14 10:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2008-04-14 10:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2008-04-14 10:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 17:02 . 2008-04-13 22:01 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 11:11 . 2008-04-14 10:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2008-04-14 10:00 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2008-04-14 10:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2008-04-14 10:00 56832 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-19 39408]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-08 4363504]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-17 2807216]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-06 206088]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 gupdate1c9c145d8c9da42;???? ????? Google (gupdate1c9c145d8c9da42);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 133104]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-05-01 33808]
S2 FGUARD32;FGUARD32;c:\program files\Folder Guard\FGUARD32.SYS [2009-01-30 54480]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]


--- Other Services/Drivers In Memory ---

*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - AVP
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - FGUARD32
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - gupdate1c9c145d8c9da42
*Deregistered* - gusvc
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - kl1
*Deregistered* - klbg
*Deregistered* - KLIF
*Deregistered* - klim5
*Deregistered* - KSecDD
*Deregistered* - LanmanServer
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PCIIde
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - WinDefend
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2009-04-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-19 23:13]

2009-04-16 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 23:22]

2009-04-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all by Rapidown... - c:\program files\Rapidown\rapidownGetAll.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download by Rapidown... - c:\program files\Rapidown\rapidownGet.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: {{57E91B47-F40A-11D1-B792-444553540011} - c:\program files\Rapidown\rapidown.exe
FF - ProfilePath - c:\documents and settings\hasona\Application Data\Mozilla\Firefox\Profiles\qkmw6qbh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=VE3D01&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/search?q=%D9%83%D9%88%D9%88%D9%88%D8%B1%D8%A9+%D9%85%D8%B5%D8%B1%D9%8A%D8%A9&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=VE3D01&q=
FF - component: c:\documents and settings\hasona\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-04-16 13:38
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WINDOWS DEFENDER\MSMPENG.EXE
.
**************************************************************************
.
Completion time: 2009-04-16 13:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-16 11:40

Pre-Run: 5,435,547,648 bytes free
Post-Run: 5,548,097,536 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

365 --- E O F --- 2009-04-13 16:27
 
A reply, folks.
 
With the permission of dear format,

follow the walkthrough below.

Then apply the walkthrough as shown in the pictures to clean up and produce a report.

Then compress the report and upload it here >>>>

Waiting,,
 
Signature: أعتز بك
I did exactly what was asked, and unfortunately I don't know how to make the report compressed, but I copied it. I found
14 cookie files and they were removed, thank God, and here is the report:

a-squared Web Malware Scanner v. 4.0

Scan settings:

Objects: Memory, Traces, Cookies, C:\, D:\, E:\, F:\, G:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 16/04/2009 02:12:43 م


Scanned

Files: 48778
Traces: 351718
Cookies: 1306
Processes: 18

Found

Files: 0
Traces: 0
Cookies: 14
Processes: 0

Scan end: 16/04/2009 02:30:15 م
Scan time: 12:17:32 ص




Then, to put my mind at ease, I ran a second scan and found nothing, thank God, and the scanner congratulated me on not finding anything.

And here is the second report:
a-squared Web Malware Scanner v. 4.0

Scan settings:

Objects: Memory, Traces, Cookies, C:\, D:\, E:\, F:\, G:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 16/04/2009 02:34:25 م


Scanned

Files: 48869
Traces: 351718
Cookies: 1270
Processes: 19

Found

Files: 0
Traces: 0
Cookies: 14
Processes: 0

Scan end: 16/04/2009 02:50:07 م
Scan time: 12:15:42 ص
 