
zoro779

Peace be upon you. This is the HijackThis report for my machine. Is the report clean or not?

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:06:15 ص, on 01/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\resources\VistaStyle\LClock\LClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
D:\1Original\NetProg\OperaPortable\OperaPortable.exe
D:\1Original\NetProg\OperaPortable\App\Opera\Opera.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows XP MOUSTAFA -;{ DeSiGn By MOUSTAFA -:((ZORO779)):- };- 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\MOUSTAFA\LOCALS~1\Temp\FlashGet Portable\jccatch.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [LClock] C:\WINDOWS\resources\VistaStyle\LClock\LClock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [ViStart] C:\WINDOWS\resources\VistaStyle\ViStart\ViStart.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [TrueTransparency] "C:\WINDOWS\resources\VistaStyle\TrueTransparency\TrueTransparency.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] "C:\WINDOWS\resources\VistaStyle\VisualTaskTips\VisualTaskTips.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\WINDOWS\resources\VistaStyle\LClock\LClock.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{59D662D2-E571-4C73-93D7-D4BB987A6213}: NameServer = 192.168.0.1 213.131.65.20
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

--
End of file - 6822 bytes
 

Signature: zoro779
Delete the following:
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\MOUSTAFA\LOCALS~1\Temp\FlashGet Portable\jccatch.dll (file missing)


O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')


O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

 
Signature: format
How to delete on XP:



[Image: mg (3).png]

[Image: mg (4).png]


Then use these tools.

Download from here

Compatibility: Windows XP only

How to use:

When you run the tool's file, this screen appears. Wait (and follow along with the pictures).



[Image: 000.png]

[Image: 001.png]



When this screen appears, click Close so that your machine restarts ((to complete the cleaning process)).



[Image: 002.png]


Then

Disable all protection programs.

Download this tool

When you run it, a message will appear; click >> Yes
After that, a second message will appear; click >> Yes

During the scan the machine may restart.
After the restart, the tool will start scanning again.
Wait until a report appears; that means the scan has finished. Paste the report in your next post.

 
Signature: format
Code:
ComboFix 09-05-31.04 - MOUSTAFA 06/01/2009  8:18.1 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.3.1256.20.1033.18.255.93 [GMT 7:00]
Running from: D:\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\dll32.dll
c:\windows\system32\helper.dll
c:\windows\system32\ICON.ico
c:\windows\system32\regedit.exe
c:\windows\system32\settings.dll
D:\resycled
E:\resycled
F:\resycled
G:\resycled

.
(((((((((((((((((((((((((   Files Created from 2009-05-01 to 2009-06-01  )))))))))))))))))))))))))))))))
.

2009-05-31 23:03 . 2009-05-31 23:03	--------	d-----w-	c:\windows\system32\wbem\Logs
2009-05-30 18:13 . 2009-05-30 18:13	--------	d-----w-	c:\documents and settings\MOUSTAFA\Tracing
2009-05-30 13:25 . 2009-05-30 13:25	--------	d-----w-	c:\program files\Windows Live
2009-05-28 14:20 . 2009-03-26 11:35	210352	----a-w-	c:\windows\system32\idmmbc.dll
2009-05-28 14:19 . 2009-05-28 14:19	198064	----a-w-	c:\documents and settings\MOUSTAFA\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-05-28 14:19 . 2009-05-28 14:19	--------	d-----w-	c:\documents and settings\MOUSTAFA\Application Data\IDM
2009-05-28 14:19 . 2009-05-28 14:19	--------	d-----w-	c:\program files\MatriX
2009-05-28 14:19 . 2009-05-28 14:19	--------	d-----w-	c:\program files\Internet Download Manager
2009-05-26 19:33 . 2004-02-22 17:00	119808	----a-w-	c:\windows\system32\MSSTDFMT.DLL
2009-05-26 19:33 . 2003-04-21 07:09	245408	----a-w-	c:\windows\system32\UNICOWS.DLL
2009-05-26 19:33 . 2002-08-28 20:41	882688	----a-w-	c:\windows\system32\gdiplus.dll
2009-05-26 19:33 . 2000-07-14 17:00	101888	----a-w-	c:\windows\system32\VB6STKIT.DLL
2009-05-25 05:08 . 2009-05-25 05:08	--------	d-----w-	c:\documents and settings\MOUSTAFA\Contacts
2009-05-25 05:07 . 2009-05-25 05:07	--------	d-----w-	c:\windows\system32\DRVSTORE
2009-05-24 23:04 . 2009-05-24 23:04	--------	d-----w-	c:\program files\Trend Micro
2009-05-24 05:43 . 2009-05-24 05:43	--------	d-----w-	c:\program files\Camfrog
2009-05-24 00:21 . 2009-05-24 00:21	--------	d-----w-	c:\program files\Snagit 9 En_p
2009-05-24 00:20 . 2009-05-24 00:20	--------	d-----w-	c:\documents and settings\MOUSTAFA\Local Settings\Application Data\TechSmith
2009-05-23 18:57 . 2009-05-23 19:15	25	----a-w-	c:\windows\popcinfot.dat
2009-05-23 18:56 . 2009-05-23 18:56	--------	d-----w-	c:\documents and settings\All Users\Application Data\PopCap Games
2009-05-23 18:06 . 2009-05-23 18:06	--------	d-----w-	c:\documents and settings\MOUSTAFA\Application Data\PlayFirst
2009-05-23 18:06 . 2009-05-23 18:06	--------	d-----w-	c:\documents and settings\All Users\Application Data\PlayFirst
2009-05-23 18:02 . 2009-05-28 20:26	16	---h--w-	c:\windows\popcinfo.dat
2009-05-23 18:02 . 2009-05-23 18:02	--------	d-----w-	c:\program files\PopCap Games
2009-05-23 15:39 . 2009-05-23 15:39	--------	d-----w-	c:\documents and settings\MOUSTAFA\Local Settings\Application Data\Axialis
2009-05-22 12:29 . 2009-05-22 12:29	--------	d-----w-	c:\program files\ChickenInvadersROTYXmas
2009-05-22 06:10 . 2009-05-22 06:10	7680	----a-w-	c:\documents and settings\MOUSTAFA\Application Data\Thinstall\Microsoft Office Professional Edition 2003\1000000b00002h\verclsid.exe
2009-05-22 01:13 . 2009-05-22 01:13	7680	----a-w-	c:\documents and settings\MOUSTAFA\Application Data\Thinstall\Microsoft Office Professional Edition 2003\1000000b00002h\rundll32.exe
2009-05-22 01:13 . 2009-05-22 01:13	7680	----a-w-	c:\documents and settings\MOUSTAFA\Application Data\Thinstall\Microsoft Office Professional Edition 2003\4ad000006100003h\cmd.exe
2009-05-22 00:34 . 2009-05-22 00:34	7680	----a-w-	c:\documents and settings\MOUSTAFA\Application Data\Thinstall\Microsoft Office Professional Edition 2003\30000000bb100002h\WINWORD.EXE
2009-05-21 10:33 . 2008-12-17 12:16	481792	----a-w-	c:\windows\system32\SQLite3.dll
2009-05-21 10:02 . 2009-05-21 10:02	660992	----a-w-	c:\documents and settings\MOUSTAFA\Application Data\Thinstall\NeoBook 5.6.3\%ProgramFilesDir%\NeoBook 5\NBPlay5.exe
2009-05-20 15:51 . 2009-05-20 15:51	--------	d-----w-	c:\documents and settings\Birungueta\Meus documentos
2009-05-20 15:50 . 2009-05-20 15:50	--------	d-----w-	c:\documents and settings\Birungueta\Dados de aplicativos
2009-05-20 15:50 . 2009-05-20 15:50	--------	d-----w-	c:\documents and settings\Birungueta
2009-05-19 14:30 . 2009-05-19 14:30	--------	d-----w-	c:\documents and settings\MOUSTAFA\Application Data\DAEMON Tools Pro
2009-05-18 10:22 . 2009-05-18 10:22	34816	----a-w-	c:\documents and settings\MOUSTAFA\Application Data\Thinstall\Microsoft Office FrontPage 2003\3000000043a00002i\FRONTPG.EXE
2009-05-18 10:22 . 2009-05-18 10:22	34816	----a-w-	c:\documents and settings\MOUSTAFA\Application Data\Thinstall\Microsoft Office FrontPage 2003\30000000c200002i\DW20.EXE
2009-05-18 07:51 . 2009-05-18 07:51	8704	----a-w-	c:\documents and settings\MOUSTAFA\Application Data\Thinstall\Switch\4000008f00003i\mp3enc.exe
2009-05-18 07:50 . 2007-08-29 08:36	110592	----a-w-	c:\documents and settings\MOUSTAFA\Application Data\Thinstall\Switch\%ProgramFilesDir%\NCH Software\Components\mp3el\mp3enc.exe
2009-05-18 07:50 . 2009-05-18 07:50	8704	----a-w-	c:\documents and settings\MOUSTAFA\Application Data\Thinstall\Switch\4000001e00002i\mp3el.exe
2009-05-18 03:35 . 2009-05-18 03:35	--------	d-----w-	C:\Documents
2009-05-16 22:53 . 2006-02-02 00:41	24576	----a-w-	c:\windows\system32\AsEBookSetup.exe
2009-05-16 22:19 . 2009-05-16 22:19	--------	d-----w-	C:\WDREAM32
2009-05-16 14:09 . 2009-05-16 14:09	--------	d-----w-	c:\documents and settings\MOUSTAFA\Application Data\EBookSys
2009-05-16 14:08 . 2009-05-16 14:09	9216	----a-w-	c:\documents and settings\MOUSTAFA\Application Data\Thinstall\FlipPublisher 1.1\300000003400002i\dwwin.exe
2009-05-16 14:08 . 2009-05-16 14:08	9216	----a-w-	c:\documents and settings\MOUSTAFA\Application Data\Thinstall\FlipPublisher 1.1\4000003c700002i\FlipCDM.EXE
2009-05-16 13:37 . 2009-05-16 13:37	--------	d-----w-	c:\windows\Blaiz Enterprises
2009-05-15 22:27 . 2009-05-15 22:27	--------	d-----w-	c:\program files\Common Files\Diskeeper Corporation
2009-05-15 22:27 . 2009-05-15 22:27	--------	d-----w-	c:\documents and settings\All Users\Application Data\Diskeeper Corporation
2009-05-15 22:27 . 2009-05-15 22:27	--------	d-----w-	c:\program files\Diskeeper Corporation
2009-05-15 05:05 . 2009-05-15 05:05	--------	d-----w-	c:\documents and settings\MOUSTAFA\Application Data\Aurora Web Editor
2009-05-15 05:04 . 2009-05-15 05:04	--------	d-----w-	c:\program files\Multimedia Australia
2009-05-15 04:52 . 2009-05-15 04:52	--------	d-----w-	c:\program files\TOOLS V 1.5
2009-05-14 13:02 . 2009-05-14 13:02	--------	d-----w-	c:\program files\MSECache
2009-05-14 12:32 . 2008-12-21 10:05	2216	----a-w-	c:\program files\superclean.bat
2009-05-14 10:48 . 2009-05-14 10:48	123904	----a-w-	c:\documents and settings\MOUSTAFA\Application Data\Thinstall\Ashampoo Burning Studio 8\1000000b00002i\verclsid.exe
2009-05-14 10:35 . 2008-09-28 15:00	439440	------w-	c:\program files\un_Internet Download Manager_16575.exe
2009-05-14 00:33 . 2009-05-14 00:33	123904	----a-w-	c:\documents and settings\MOUSTAFA\Application Data\Thinstall\Ashampoo Burning Studio 8\400000700002i\CancelAutoplay.exe
2009-05-14 00:33 . 2009-05-14 00:33	--------	d-----w-	c:\documents and settings\MOUSTAFA\Application Data\Ashampoo
2009-05-13 13:42 . 2009-05-13 13:42	98304	----a-w-	c:\windows\system32CmdLineExt.dll
2009-05-12 23:16 . 2009-05-12 23:16	34816	----a-w-	c:\documents and settings\MOUSTAFA\Application Data\Thinstall\Microsoft Office FrontPage 2003\1000000b00002i\rundll32.exe
2009-05-12 18:10 . 2009-05-12 18:10	--------	d-----w-	c:\program files\GoldWave
2009-05-12 09:07 . 2009-05-12 09:07	--------	d-----w-	c:\documents and settings\MOUSTAFA\Application Data\IndigoRose
2009-05-12 04:04 . 2009-05-12 04:04	--------	d-----w-	c:\program files\Common Files\WinCHM
2009-05-12 04:04 . 2003-10-08 00:38	154352	----a-w-	c:\windows\system32\Itcc.dll
2009-05-12 04:04 . 2000-11-21 04:35	837904	----a-w-	c:\windows\system32\Hha.dll
2009-05-12 03:37 . 2009-05-12 03:37	--------	d-----w-	C:\Temp
2009-05-11 14:57 . 2009-05-11 14:57	34816	----a-w-	c:\documents and settings\MOUSTAFA\Application Data\Thinstall\Microsoft Office FrontPage 2003\4000009c00002i\IEXPLORE.EXE
2009-05-11 10:00 . 2009-05-11 10:00	--------	d--h--w-	c:\windows\PIF
2009-05-11 06:51 . 2009-05-11 06:51	4096	----a-w-	c:\windows\d3dx.dat
2009-05-10 21:53 . 2009-05-10 21:53	--------	d-----w-	C:\SavedWPA
2009-05-10 11:42 . 2009-05-10 11:42	--------	d-----w-	c:\documents and settings\MOUSTAFA\Application Data\IcoFX
2009-05-10 11:40 . 2009-05-10 11:40	--------	d-----w-	c:\program files\IcoFX 1.6
2009-05-09 13:51 . 2009-05-09 13:51	--------	d-----w-	c:\documents and settings\Default User\Application Data\Thinstall
2009-05-09 13:51 . 2009-05-09 13:51	34816	----a-w-	c:\documents and settings\MOUSTAFA\Application Data\Thinstall\Microsoft Office FrontPage 2003\10000002000002i\msiexec.exe
2009-05-09 13:49 . 2009-05-09 13:49	34816	----a-w-	c:\documents and settings\MOUSTAFA\Application Data\Thinstall\Microsoft Office FrontPage 2003\1000000b00002i\verclsid.exe
2009-05-09 12:17 . 2009-05-09 12:17	--------	d-----w-	c:\documents and settings\MOUSTAFA\Application Data\AntsSoft
2009-05-09 12:17 . 2009-05-09 12:17	--------	d-----w-	c:\documents and settings\All Users\Application Data\TEMP
2009-05-09 10:30 . 2009-05-09 10:30	--------	d-----w-	c:\windows\Sun
2009-05-08 13:06 . 2009-05-08 13:06	--------	d-----w-	c:\documents and settings\MOUSTAFA\Application Data\HTML Executable
2009-05-08 08:13 . 2009-05-08 08:13	--------	d-----w-	c:\program files\GISolution
2009-05-08 03:00 . 2009-05-08 03:00	--------	d-----w-	c:\program files\Smart Install Maker
2009-05-08 00:18 . 2009-05-08 00:18	--------	d-----w-	c:\documents and settings\MOUSTAFA\Local Settings\Application Data\ApplicationHistory
2009-05-07 16:44 . 2009-05-07 16:44	--------	d-----w-	c:\documents and settings\MOUSTAFA\Application Data\Camfrog
2009-05-07 13:45 . 2009-05-07 13:45	4	----a-w-	c:\windows\system32\Computers.DAT
2009-05-07 13:44 . 2009-05-07 13:44	--------	d-----w-	c:\program files\Common Files\Adobe
2009-05-07 13:44 . 2009-05-07 13:44	--------	d-----w-	c:\windows\system32\logs
2009-05-07 11:00 . 2009-05-07 11:00	--------	d-----w-	c:\documents and settings\MOUSTAFA\Application Data\Desktopicon
2009-05-07 11:00 . 2009-05-07 11:00	--------	d-----w-	c:\program files\Unlocker
2009-05-07 09:13 . 2009-05-07 09:13	--------	d-----w-	c:\documents and settings\All Users\Application Data\Martau
2009-05-07 09:13 . 2009-05-07 09:13	--------	d-----w-	c:\program files\Total Uninstall 5
2009-05-07 00:16 . 2009-05-07 00:16	--------	d-----w-	c:\program files\VerbAce Research
2009-05-06 23:59 . 2009-05-06 23:59	--------	d-----w-	c:\documents and settings\MOUSTAFA\Local Settings\Application Data\Mozilla
2009-05-06 17:58 . 2009-05-06 17:58	--------	d-----w-	c:\documents and settings\MOUSTAFA\Application Data\Windows Search
2009-05-06 17:15 . 2009-05-06 17:15	--------	d-----w-	c:\documents and settings\MOUSTAFA\Local Settings\Application Data\Yahoo
2009-05-06 17:12 . 2009-05-06 17:12	--------	d-----w-	c:\documents and settings\MOUSTAFA\Application Data\Yahoo!
2009-05-06 17:11 . 2009-05-06 17:11	--------	d-----w-	c:\documents and settings\All Users\Application Data\Yahoo!
2009-05-06 17:11 . 2008-11-05 14:03	607472	----a-w-	c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-05-06 17:11 . 2009-05-06 17:11	--------	d-----w-	c:\program files\Yahoo!
2009-05-06 13:51 . 2009-05-06 13:51	--------	d-----w-	c:\documents and settings\MOUSTAFA\Application Data\AvaFind Data
2009-05-06 13:25 . 2009-05-06 13:25	--------	d-----w-	c:\documents and settings\MOUSTAFA\Local Settings\Application Data\Thinstall
2009-05-06 13:25 . 2009-05-06 13:25	--------	d-----w-	c:\documents and settings\MOUSTAFA\Application Data\Thinstall
2009-05-06 12:44 . 2008-04-14 11:00	26624	----a-w-	c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-05-06 12:38 . 2009-05-06 12:38	--------	d-sh--w-	c:\documents and settings\LocalService\IETldCache
2009-05-06 12:26 . 2009-05-06 12:26	--------	d-sh--w-	c:\documents and settings\MOUSTAFA\PrivacIE
2009-05-06 12:25 . 2009-05-06 12:25	--------	d-sh--w-	c:\documents and settings\MOUSTAFA\IECompatCache
2009-05-06 12:23 . 2009-05-06 12:23	--------	d-sh--w-	c:\documents and settings\MOUSTAFA\IETldCache
2009-05-06 11:35 . 2009-05-06 11:35	--------	d--h--w-	c:\windows\ie8
2009-05-06 10:50 . 2009-05-06 10:50	--------	d-----w-	c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-05-06 10:50 . 2009-05-06 10:50	--------	d-----w-	c:\program files\DAEMON Tools Lite
2009-05-06 10:45 . 2009-05-06 10:45	721904	----a-w-	c:\windows\system32\drivers\sptd.sys
2009-05-06 10:45 . 2009-05-06 10:45	--------	d-----w-	c:\documents and settings\MOUSTAFA\Application Data\DAEMON Tools Lite
2009-05-06 10:43 . 2009-05-06 10:43	--------	d-----w-	c:\program files\Multimedia Builder498
2009-05-06 10:41 . 2009-05-06 10:41	--------	d-----w-	c:\documents and settings\MOUSTAFA\Application Data\DMCache
2009-05-06 10:40 . 2009-05-06 10:40	--------	d-----w-	c:\program files\AutoPlay Media Studio 7.0
2009-05-06 10:40 . 2009-05-06 10:40	--------	d-----w-	c:\documents and settings\All Users\Application Data\IndigoRose
2009-05-06 10:35 . 2009-05-06 10:35	--------	d-----w-	c:\program files\Microsoft ActiveSync
2009-05-06 10:35 . 2009-05-06 10:35	--------	d-----w-	c:\program files\Microsoft.NET
2009-05-06 10:33 . 2009-05-06 10:33	--------	d-----w-	c:\windows\ShellNew
2009-05-06 10:33 . 2009-05-06 10:33	--------	d-----w-	c:\program files\AutoIt3
2009-05-06 09:31 . 2009-05-06 09:31	206088	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-05-06 09:31 . 2009-05-06 09:31	33808	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-05-06 09:31 . 2009-05-06 09:31	226832	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-05-06 09:28 . 2009-05-06 09:28	--------	d-----w-	c:\documents and settings\MOUSTAFA\Application Data\Media Player Classic

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 01:23 . 2009-05-06 09:05	32	--sha-w-	c:\windows\system32\drivers\fidbox2.idx
2009-06-01 01:23 . 2009-05-06 09:05	32	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2009-06-01 01:11 . 2009-06-01 01:11	--------	d-----w-	c:\documents and settings\MOUSTAFA\Application Data\CyberScrub
2009-06-01 01:11 . 2009-06-01 01:11	--------	d-----w-	c:\documents and settings\MOUSTAFA\Application Data\cleaner
2009-05-14 17:46 . 2009-05-06 08:37	354216	----a-w-	c:\documents and settings\MOUSTAFA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-06 09:31 . 2008-01-29 10:29	33808	----a-w-	c:\windows\system32\drivers\klbg.sys
2009-05-06 09:03 . 2009-05-06 09:03	--------	d-----w-	c:\program files\HashTab Shell Extension
2009-05-06 09:03 . 2009-05-06 09:03	--------	d-----w-	c:\program files\DAMN NFO Viewer
2009-05-06 09:03 . 2009-05-06 09:03	--------	d-----w-	c:\program files\DustBuster
2009-05-06 09:03 . 2009-05-06 09:03	--------	d-----w-	c:\program files\MOUSTAFA SAAD
2009-05-06 09:03 . 2009-05-06 09:03	--------	d-----w-	c:\program files\CLEANER
2009-05-06 09:03 . 2009-05-06 09:03	--------	d-----w-	c:\program files\Ava Find
2009-05-06 09:03 . 2009-05-06 09:03	--------	d-----w-	c:\program files\Foxit PDF Tools
2009-05-06 09:03 . 2009-05-06 09:03	--------	d-----w-	c:\program files\Foxit Software
2009-05-06 09:03 . 2009-05-06 09:03	--------	d-----w-	c:\program files\Save Flash
2009-05-06 09:03 . 2009-05-06 09:03	--------	d-----w-	c:\program files\ImageShack
2009-05-06 09:02 . 2009-05-06 09:02	--------	d-----w-	c:\program files\Shell Picture
2009-05-06 09:02 . 2009-05-06 09:02	--------	d-----w-	c:\program files\K-Lite Codec Pack
2009-05-06 08:58 . 2009-05-06 08:58	--------	d-----w-	c:\program files\ussf
2009-05-06 08:58 . 2009-05-06 08:58	--------	d-----w-	c:\program files\ultraiso_portable
2009-05-06 08:58 . 2009-05-06 08:58	--------	d-----w-	c:\program files\Company
2009-05-06 08:58 . 2009-05-06 08:58	--------	d-----w-	c:\program files\CMenu
2009-05-06 08:54 . 2009-05-06 08:54	--------	d-----w-	c:\program files\Timer
2009-05-06 08:54 . 2009-05-06 08:54	28672	----a-r-	c:\documents and settings\MOUSTAFA\Application Data\Microsoft\Installer\{A9ECA555-1644-4A17-9A5A-37A439673571}\_B15BA7C98203_49ED_88EC_25C37E78B249.exe
2009-05-06 08:54 . 2009-05-06 08:54	--------	d-----w-	c:\program files\TSL
2009-05-06 08:54 . 2009-05-06 08:54	--------	d-----w-	c:\program files\OpenWith.org Desktop Tool
2009-05-06 08:53 . 2009-05-06 08:53	--------	d-----w-	c:\program files\OpenExpert
2009-05-06 08:52 . 2009-05-06 08:52	--------	d-----w-	c:\program files\Notepad++
2009-05-06 08:52 . 2009-05-06 08:52	--------	d-----w-	c:\documents and settings\MOUSTAFA\Application Data\Notepad++
2009-05-06 08:52 . 2009-05-06 08:52	--------	d-----w-	c:\program files\Softland
2009-05-06 08:52 . 2009-05-06 08:52	--------	d-----w-	c:\program files\whyEye.org
2009-05-06 08:52 . 2009-05-06 08:51	--------	d-----w-	c:\program files\CD Catalog Expert
2009-05-06 08:51 . 2009-05-06 08:51	--------	d-----w-	c:\program files\7-Zip
2009-05-06 08:51 . 2009-05-06 08:51	--------	d-----w-	c:\program files\SpiritPyre Extensions
2009-05-06 08:51 . 2009-05-06 08:51	410984	----a-w-	c:\windows\system32\deploytk.dll
2009-05-06 08:51 . 2009-05-06 08:51	--------	d-----w-	c:\program files\Java
2009-05-06 08:46 . 2009-05-06 08:46	87896	----a-w-	c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-06 08:46 . 2009-05-06 08:46	--------	d-----w-	c:\program files\MSBuild
2009-05-06 08:46 . 2009-05-06 08:46	--------	d-----w-	c:\program files\Reference Assemblies
2009-05-06 08:37 . 2009-05-06 08:37	--------	d-----w-	c:\documents and settings\MOUSTAFA\Application Data\Windows Desktop Search
2009-05-06 08:37 . 2009-05-06 08:37	--------	d-----w-	c:\documents and settings\MOUSTAFA\Application Data\ViStart
2009-05-06 08:23 . 2009-05-06 08:23	--------	d-----w-	c:\program files\microsoft frontpage
2009-05-06 08:21 . 2009-05-06 08:21	86327	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-06 08:20 . 2009-05-06 08:20	--------	d-----w-	c:\program files\Windows Media Connect 2
2009-05-06 08:17 . 2009-05-06 08:17	21640	----a-w-	c:\windows\system32\emptyregdb.dat
2009-05-06 08:15 . 2009-05-06 08:15	--------	d-----w-	c:\program files\Alky for Applications
2009-05-06 08:15 . 2009-05-06 08:15	--------	d-----w-	c:\program files\Windows Desktop Search
2009-05-06 08:15 . 2009-05-06 08:15	--------	d-----w-	c:\program files\Microsoft Silverlight
2009-05-06 08:14 . 2009-05-06 08:14	--------	d-----w-	c:\program files\Windows Sidebar
2009-04-02 13:21 . 2009-05-06 09:02	84480	----a-w-	c:\windows\system32\ff_vfw.dll
2009-03-08 07:09 . 2009-05-06 08:19	638816	----a-w-	c:\documents and settings\MOUSTAFA\Application Data\Thinstall\WinCHM 2.51\%ProgramFilesDir%\Internet Explorer\IEXPLORE.EXE
2009-03-07 21:34 . 2009-01-20 14:04	914944	----a-w-	c:\windows\system32\wininet.dll
2009-03-07 21:34 . 2009-01-20 07:03	43008	----a-w-	c:\windows\system32\licmgr10.dll
2009-03-07 21:33 . 2009-01-20 07:03	18944	----a-w-	c:\windows\system32\corpol.dll
2009-03-07 21:33 . 2009-01-20 07:05	420352	----a-w-	c:\windows\system32\vbscript.dll
2009-03-07 21:32 . 2009-01-20 07:00	72704	----a-w-	c:\windows\system32\admparse.dll
2009-03-07 21:32 . 2009-01-20 07:01	71680	----a-w-	c:\windows\system32\iesetup.dll
2009-03-07 21:31 . 2009-01-20 07:03	34816	----a-w-	c:\windows\system32\imgutil.dll
2009-03-07 21:31 . 2009-01-20 07:04	48128	----a-w-	c:\windows\system32\mshtmler.dll
2009-03-07 21:31 . 2009-01-20 07:02	45568	----a-w-	c:\windows\system32\mshta.exe
2009-03-07 21:22 . 2009-01-20 07:04	156160	----a-w-	c:\windows\system32\msls31.dll
2008-03-09 00:25 . 2009-05-06 10:37	236	---ha-w-	c:\program files\Common Files\dx.reg
.

------- Sigcheck -------

[-] 2009-01-20 07:04	516096	6FBE974874389B7D5F11870747B8622C	c:\windows\system32\user32.dll

[-] 2009-01-20 07:11	361600	038CA45522FE9B756EFB90DBFA9141EA	c:\windows\system32\drivers\tcpip.sys

[-] 2009-01-20 07:04	568832	DB3B9755F265C37319DF9AFF4FDDF717	c:\windows\system32\winlogon.exe

[-] 2009-01-20 07:06	2227200	E863ABB255AD9524D15D235DA16E8CA9	c:\windows\system32\ntkrnlpa.exe

[-] 2009-01-20 07:02	2350336	C1E729B613BA8F5DD415ABD7A7F79E56	c:\windows\system32\ntoskrnl.exe

[-] 2009-01-20 07:00	1724416	FC866D8A8453DD8A9E24BB3725EBB642	c:\windows\explorer.exe

[-] 2009-01-20 07:00	37376	CBF5945651C96E471B3A004BBDC36864	c:\windows\system32\ctfmon.exe

[-] 2009-01-20 07:16	1614848	744FCDF4F368F33CDB83FED7CECABC5A	c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\windows\resources\VistaStyle\LClock\LClock.exe" [2009-01-20 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-01-20 37376]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-28 2815408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-05-06 206088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-01-20 37376]
"ViStart"="c:\windows\resources\VistaStyle\ViStart\ViStart.exe" [2009-01-20 868352]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-01-20 1247232]
"TrueTransparency"="c:\windows\resources\VistaStyle\TrueTransparency\TrueTransparency.exe" [2009-01-20 381440]
"VisualTaskTips"="c:\windows\resources\VistaStyle\VisualTaskTips\VisualTaskTips.exe" [2009-01-20 36352]
"LClock"="c:\windows\resources\VistaStyle\LClock\LClock.exe" [2009-01-20 65536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-07 128512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
PowerMenu.lnk - c:\program files\PowerMenu\PowerMenu.exe [2009-5-6 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-01-20 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 م 33808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 م 24592]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection WSidebar.inf,Register_SideBar
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\windows\system32\idmmbc.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 08:26
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(864)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\idmmbc.dll

- - - - - - - > 'explorer.exe'(2936)
c:\windows\system32\SHDOCVW.dll
c:\program files\PowerMenu\PowerMenuHook.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\resources\VistaStyle\LClock\LC.dll
c:\windows\system32\credui.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\MSVCP60.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\DISKEEPER CORPORATION\DISKEEPER\DKSERVICE.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-01  8:30 - machine was rebooted
ComboFix-quarantined-files.txt  2009-06-01 01:30

Pre-Run: 2,586,697,728 bytes free
Post-Run: 2,434,310,144 bytes free

332
 
Signature: zoro779
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:10:40 ص, on 01/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\resources\VistaStyle\LClock\LClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
D:\1Original\NetProg\OperaPortable\OperaPortable.exe
D:\1Original\NetProg\OperaPortable\App\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [LClock] C:\WINDOWS\resources\VistaStyle\LClock\LClock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ViStart] C:\WINDOWS\resources\VistaStyle\ViStart\ViStart.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [TrueTransparency] "C:\WINDOWS\resources\VistaStyle\TrueTransparency\TrueTransparency.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [VisualTaskTips] "C:\WINDOWS\resources\VistaStyle\VisualTaskTips\VisualTaskTips.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [LClock] C:\WINDOWS\resources\VistaStyle\LClock\LClock.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O13 - Gopher Prefix: 
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

--
End of file - 5513 bytes
 
Signature: zoro779
uppppppppp
 
Signature: zoro779
Welcome.
Post the HijackThis report without a code block or a quote.
 
Signature: AbOdy
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:10:40 ص, on 01/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\resources\VistaStyle\LClock\LClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
D:\1Original\NetProg\OperaPortable\OperaPortable.exe
D:\1Original\NetProg\OperaPortable\App\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [LClock] C:\WINDOWS\resources\VistaStyle\LClock\LClock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ViStart] C:\WINDOWS\resources\VistaStyle\ViStart\ViStart.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [TrueTransparency] "C:\WINDOWS\resources\VistaStyle\TrueTransparency\TrueTransparency.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [VisualTaskTips] "C:\WINDOWS\resources\VistaStyle\VisualTaskTips\VisualTaskTips.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [LClock] C:\WINDOWS\resources\VistaStyle\LClock\LClock.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O13 - Gopher Prefix:
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

--
End of file - 5513 bytes
 
Signature: zoro779
Delete the following

O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')



How to delete it on XP

Then use these tools

Download from here

Compatibility: Windows XP only

Usage instructions

When you run the tool's file, this screen appears. Wait (and follow along with the pictures).

When this screen appears, click Close so that your computer restarts (to complete the cleanup).

Then tell me how things are on your end ^_^
 
Signature: format
Things are fairly good, but the problem is that the email theft happened again
 
Signature: zoro779
Things are fairly good, but the problem is that the email theft happened again

Hahaha, you must have been tricked through a fake page

Any other problems?
 
Signature: format
Things are fairly good, but the problem is that the email theft happened again

Brother format did a great job :ok:

Brother, to protect your email, do not accept any message from an unknown person

Do not open untrusted links

And are you having any other problems with the computer?
 
Signature: أعتز بك
Thank you, dear brothers. Almost the only problem now is that when I run some programs or download something, the computer restarts,
but when I disable my protection program, Kaspersky Anti-Virus, it works without problems.

Also, when I upload, the internet connection drops, and when I disable Kaspersky it works without problems.

I have a problem with the protection program whose cause I don't know, despite running a repair on it and reinstalling it.
 
Signature: zoro779
Welcome, brother

Do the following

Open Start >> Run

and type

CMD

After that, type

shutdown -i

This window will open

Choose as shown

zyzoom-6b7264f325.jpg

Then use the Kaspersky tool and post the report in your next reply

Close your protection program

and disable System Restore as in the explanation

Download the tool from here

After downloading, double-click it; the tool's file will be extracted to a folder on the desktop, and in a few moments the tool will start running

Follow the explanation to scan the computer, clean it, and attach the report

Then paste it in your next reply
 
Signature: format
Dear brother, regarding the first explanation, the shutdown method: the fourth button, the OK one, is not enabled, so I can't click it.
As for the scan, I have downloaded the tool and, God willing, I will attach the report after running it at the end of the day, because I'm going to work now; the computer's capabilities are limited and I can't run a scan in this short time.
God willing, I will send the report around eight o'clock.
 
Signature: zoro779
Dear brother, here is the report, but please find a solution to the problem of button number 4 here, the OK one, in this image: it is not enabled, so I can't click it.

zyzoom-6b7264f325.jpg


And this is the report


Scan
----
Scanned: 364289
Detected: 3
Untreated: 1
Start time: 04/06/2009 03:14:21 م
Duration: 02:44:43
Finish time: 04/06/2009 05:59:04 م


Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan.Win32.Genome.ltv File: D:\1Original\AFTER FORMAT PROGRAMS\DESIGN\&&&&&صنع الاسطوانات التجميعية&&&\AutoPlay Media Studio v6_P\Portable AutoPlay Media Studio 6.0.5.0 by BouzalouFe.exe/ams60.exe
deleted: Trojan program Backdoor.Win32.IRCBot.jje File: D:\1Original\AFTER FORMAT PROGRAMS\MULTIMEDIA\power mp3 cuttermp3 sound cutter\power mp3 cuttermp3 sound cutter.exe
detected: adware not-a-virus:AdWare.Win32.Background File: E:\learn to speak english\EE09_1_B3.iso//INSTALL/BRODCAST/DSSAGENT.EXE;1


Events
------
Time Name Status Reason
---- ---- ------ ------
04/06/2009 03:15:37 م Running module: wscntfy.exe\wscntfy.exe ok scanned
04/06/2009 03:15:46 م File: C:\WINDOWS\system32\wscntfy.exe ok scanned


Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------


Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Disinfect, delete if disinfection fails
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----
Infected: Trojan program Trojan-Downloader.Win32.Agent.breh D:\1Original\NetProg\Portable TheWorld2.0\Appdata\TheWorld_ENU_U.exe 875 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jni D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\123key.exe 5.2 MB
Infected: Trojan program Backdoor.Win32.IRCBot.jvb D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\AcrobatKey.exe 11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jrj D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Actkey.exe 11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jsz D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\AsteriskKey.exe 11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.kal D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Backupkey.exe 11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jok D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\BestCryptKey.exe 11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.kbm D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Efskey.exe 11.7 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jon D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\FileMakerkey.exe 11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jse D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\InternetExplorer.exe 11.6 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jsw D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\LotusNotekey.exe 11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.kbf D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\LotusWordProkey.exe 11.6 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jyc D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Mailkey.exe 11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.kby D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Messengerkey.exe 11.6 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jun D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Moneykey.exe 11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.joq D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Myobkey.exe 11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jsy D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\NetworkConnectionskey.exe 11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.kbr D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Officekey.exe 11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.kbi D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\OneNotekey.exe 11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.kat D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Organizerkey.exe 11.6 KB
Infected: Trojan program Backdoor.Win32.IRCBot.kbn D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\OutlookExpresskey.exe 11.6 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jvh D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Paradoxkey.exe 11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.kdx D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\PeachTree.exe 11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.kbb D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Projectkey.exe 11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.joy D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\QuattroProkey.exe 11.6 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jrm D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\QuickBookskey.exe 11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jvg D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Quickenkey.exe 11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.kbd D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Schedulekey.exe 11.6 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jox D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Sqlkey.exe 11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jnt D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\WordPerfectkey.exe 11.6 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jyo D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Zipkey.exe 11.2 KB
Infected: Trojan program Trojan-Dropper.Win32.Agent.aawu D:\1Original\AFTER FORMAT PROGRAMS\wihu\PROGRAMS\SYSTEM\control_panel_tools\control_tools.exe 30.2 MB
 
Signature: zoro779
Or inside a code block

Code:
Scan
----
Scanned:	364289
Detected:	3
Untreated:	1
Start time:	04/06/2009 03:14:21 م
Duration:	02:44:43
Finish time:	04/06/2009 05:59:04 م


Detected
--------
Status	Object
------	------
deleted: Trojan program Trojan.Win32.Genome.ltv	File: D:\1Original\AFTER FORMAT PROGRAMS\DESIGN\&&&&&صنع الاسطوانات التجميعية&&&\AutoPlay Media Studio v6_P\Portable AutoPlay Media Studio 6.0.5.0 by BouzalouFe.exe/ams60.exe
deleted: Trojan program Backdoor.Win32.IRCBot.jje	File: D:\1Original\AFTER FORMAT PROGRAMS\MULTIMEDIA\power mp3 cuttermp3 sound cutter\power mp3 cuttermp3 sound cutter.exe
detected: adware not-a-virus:AdWare.Win32.Background	File: E:\learn to speak english\EE09_1_B3.iso//INSTALL/BRODCAST/DSSAGENT.EXE;1


Events
------
Time	Name	Status	Reason
----	----	------	------
04/06/2009 03:15:37 م	Running module: wscntfy.exe\wscntfy.exe	ok	scanned
04/06/2009 03:15:46 م	File: C:\WINDOWS\system32\wscntfy.exe	ok	scanned


Statistics
----------
Object	Scanned	Detected	Untreated	Deleted	Moved to Quarantine	Archives	Packed files	Password protected	Corrupted
------	-------	--------	---------	-------	-------------------	--------	------------	------------------	---------


Settings
--------
Parameter	Value
---------	-----
Security Level	Recommended
Action	Disinfect, delete if disinfection fails
Run mode	Manually
File types	Scan all files
Scan only new and changed files	No
Scan archives	All
Scan embedded OLE objects	All
Skip if object is larger than	No
Skip if scan takes longer than	No
Parse email formats	No
Scan password-protected archives	No
Enable iChecker technology	No
Enable iSwift technology	No
Show detected threats on "Detected" tab	Yes
Rootkits search	Yes
Deep rootkits search	No
Use heuristic analyzer	Yes


Quarantine
----------
Status	Object	Size	Added
------	------	----	-----


Backup
------
Status	Object	Size
------	------	----
Infected: Trojan program Trojan-Downloader.Win32.Agent.breh	D:\1Original\NetProg\Portable TheWorld2.0\Appdata\TheWorld_ENU_U.exe	875 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jni	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\123key.exe	5.2 MB
Infected: Trojan program Backdoor.Win32.IRCBot.jvb	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\AcrobatKey.exe	11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jrj	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Actkey.exe	11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jsz	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\AsteriskKey.exe	11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.kal	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Backupkey.exe	11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jok	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\BestCryptKey.exe	11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.kbm	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Efskey.exe	11.7 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jon	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\FileMakerkey.exe	11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jse	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\InternetExplorer.exe	11.6 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jsw	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\LotusNotekey.exe	11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.kbf	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\LotusWordProkey.exe	11.6 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jyc	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Mailkey.exe	11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.kby	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Messengerkey.exe	11.6 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jun	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Moneykey.exe	11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.joq	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Myobkey.exe	11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jsy	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\NetworkConnectionskey.exe	11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.kbr	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Officekey.exe	11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.kbi	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\OneNotekey.exe	11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.kat	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Organizerkey.exe	11.6 KB
Infected: Trojan program Backdoor.Win32.IRCBot.kbn	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\OutlookExpresskey.exe	11.6 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jvh	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Paradoxkey.exe	11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.kdx	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\PeachTree.exe	11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.kbb	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Projectkey.exe	11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.joy	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\QuattroProkey.exe	11.6 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jrm	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\QuickBookskey.exe	11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jvg	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Quickenkey.exe	11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.kbd	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Schedulekey.exe	11.6 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jox	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Sqlkey.exe	11.2 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jnt	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\WordPerfectkey.exe	11.6 KB
Infected: Trojan program Backdoor.Win32.IRCBot.jyo	D:\1Original\UTILIES\برامج كشف الباسورد\LostPassword.Passware.Kit.v8\LostPassword.Passware.Kit.v8-USB\Zipkey.exe	11.2 KB
Infected: Trojan program Trojan-Dropper.Win32.Agent.aawu	D:\1Original\AFTER FORMAT PROGRAMS\wihu\PROGRAMS\SYSTEM\control_panel_tools\control_tools.exe	30.2 MB
 
Signature: zoro779
uppppppp
 
Signature: zoro779