هذا هو التقرير المراد.--------------------------\\\ Start Report Of HijackThis --------------- .Logfile of Trend Micro HijackThis v2.0.2Scan saved at 04:24:59 م, on 12/03/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\NETGATE\Spy Emergency 2007\SpyEmergencySrv.exeC:\Program Files\NETGATE\Spy Emergency 2007\SpyEmergency.exeC:\WINDOWS\system32\CNAB4RPK.EXEC:\DOCUME~1\jabbar\LOCALS~1\Temp\bntoz\runn.exeC:\WINDOWS\system32\cmd.exeC:\DOCUME~1\jabbar\LOCALS~1\Temp\bntoz\HijackThis.exeO4 - HKCU\..\Run: [SpyEmergency] "C:\Program Files\NETGATE\Spy Emergency 2007\SpyEmergency.exe"O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exeO23 - Service: Spy Emergency Shield Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency 2007\SpyEmergencySrv.exeO23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe--End of file - 1877 bytes..--------------------------\\\ End Report Of Of HijackThis --------------- ....--------------------------\\\ Start Report Of Running Processes --------------- .==================================================Process Name : smss.exeProcessID : 432Priority : NormalProduct Name : Microsoft® Windows® Operating SystemVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Description : Windows NT Session ManagerCompany : Microsoft CorporationWindow Title : File Size : 50,688File Created Date : 04/08/2004 01:07:00 صFile Modified Date : 04/08/2004 01:07:00 صFilename : C:\WINDOWS\System32\smss.exeBase Address : 0x48580000Created On : 12/03/2008 04:13:53 مVisible Windows : 0Hidden Windows : 0User Name : NT AUTHORITY\SYSTEMMem Usage : 372 KMem Usage Peak : 684 KPage Faults : 290Pagefile Usage : 164 KPagefile Peak Usage : 1672 KFile Attributes : A====================================================================================================Process Name : csrss.exeProcessID : 488Priority : NormalProduct Name : Microsoft® Windows® Operating SystemVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Description : Client Server Runtime ProcessCompany : Microsoft CorporationWindow Title : File Size : 6,144File Created Date : 04/08/2004 01:07:00 صFile Modified Date : 04/08/2004 01:07:00 صFilename : C:\WINDOWS\system32\csrss.exeBase Address : 0x4A680000Created On : 12/03/2008 04:13:55 مVisible Windows : 0Hidden Windows : 0User Name : NT AUTHORITY\SYSTEMMem Usage : 3824 KMem Usage Peak : 5936 KPage Faults : 3717Pagefile Usage : 1728 KPagefile Peak Usage : 5256 KFile Attributes : A====================================================================================================Process Name : winlogon.exeProcessID : 512Priority : HighProduct Name : Microsoft® Windows® Operating SystemVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Description : Windows NT Logon ApplicationCompany : Microsoft CorporationWindow Title : File Size : 502,272File Created Date : 04/08/2004 01:07:00 صFile Modified Date : 04/08/2004 01:07:00 صFilename : C:\WINDOWS\system32\winlogon.exeBase Address : 0x01000000Created On : 12/03/2008 04:13:56 مVisible Windows : 0Hidden Windows : 0User Name : NT AUTHORITY\SYSTEMMem Usage : 4488 KMem Usage Peak : 12020 KPage Faults : 5492Pagefile Usage : 6740 KPagefile Peak Usage : 7688 KFile Attributes : A====================================================================================================Process Name : services.exeProcessID : 556Priority : NormalProduct Name : Microsoft® Windows® Operating SystemVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Description : Services and Controller appCompany : Microsoft CorporationWindow Title : File Size : 108,032File Created Date : 04/08/2004 01:07:00 صFile Modified Date : 04/08/2004 01:07:00 صFilename : C:\WINDOWS\system32\services.exeBase Address : 0x01000000Created On : 12/03/2008 04:13:56 مVisible Windows : 0Hidden Windows : 0User Name : NT AUTHORITY\SYSTEMMem Usage : 3984 KMem Usage Peak : 4020 KPage Faults : 1345Pagefile Usage : 2028 KPagefile Peak Usage : 2068 KFile Attributes : A====================================================================================================Process Name : lsass.exeProcessID : 568Priority : NormalProduct Name : Microsoft® Windows® Operating SystemVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Description : LSA l (Export Version)Company : Microsoft CorporationWindow Title : File Size : 13,312File Created Date : 04/08/2004 01:07:00 صFile Modified Date : 04/08/2004 01:07:00 صFilename : C:\WINDOWS\system32\lsass.exeBase Address : 0x01000000Created On : 12/03/2008 04:13:57 مVisible Windows : 0Hidden Windows : 0User Name : NT AUTHORITY\SYSTEMMem Usage : 1664 KMem Usage Peak : 5480 KPage Faults : 1903Pagefile Usage : 3584 KPagefile Peak Usage : 3816 KFile Attributes : A====================================================================================================Process Name : svchost.exeProcessID : 712Priority : NormalProduct Name : Microsoft® Windows® Operating SystemVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Description : Generic Host Process for Win32 ServicesCompany : Microsoft CorporationWindow Title : File Size : 14,336File Created Date : 04/08/2004 01:07:00 صFile Modified Date : 04/08/2004 01:07:00 صFilename : C:\WINDOWS\system32\svchost.exeBase Address : 0x01000000Created On : 12/03/2008 04:13:57 مVisible Windows : 0Hidden Windows : 0User Name : NT AUTHORITY\SYSTEMMem Usage : 4468 KMem Usage Peak : 4488 KPage Faults : 1205Pagefile Usage : 2976 KPagefile Peak Usage : 23212 KFile Attributes : A====================================================================================================Process Name : svchost.exeProcessID : 780Priority : NormalProduct Name : Microsoft® Windows® Operating SystemVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Description : Generic Host Process for Win32 ServicesCompany : Microsoft CorporationWindow Title : File Size : 14,336File Created Date : 04/08/2004 01:07:00 صFile Modified Date : 04/08/2004 01:07:00 صFilename : C:\WINDOWS\system32\svchost.exeBase Address : 0x01000000Created On : 12/03/2008 04:13:57 مVisible Windows : 0Hidden Windows : 0User Name : Mem Usage : 3916 KMem Usage Peak : 3916 KPage Faults : 1083Pagefile Usage : 1696 KPagefile Peak Usage : 1728 KFile Attributes : A====================================================================================================Process Name : svchost.exeProcessID : 820Priority : NormalProduct Name : Microsoft® Windows® Operating SystemVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Description : Generic Host Process for Win32 ServicesCompany : Microsoft CorporationWindow Title : File Size : 14,336File Created Date : 04/08/2004 01:07:00 صFile Modified Date : 04/08/2004 01:07:00 صFilename : C:\WINDOWS\System32\svchost.exeBase Address : 0x01000000Created On : 12/03/2008 04:13:57 مVisible Windows : 0Hidden Windows : 0User Name : NT AUTHORITY\SYSTEMMem Usage : 17912 KMem Usage Peak : 20572 KPage Faults : 8999Pagefile Usage : 12780 KPagefile Peak Usage : 17400 KFile Attributes : A====================================================================================================Process Name : svchost.exeProcessID : 880Priority : NormalProduct Name : Microsoft® Windows® Operating SystemVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Description : Generic Host Process for Win32 ServicesCompany : Microsoft CorporationWindow Title : File Size : 14,336File Created Date : 04/08/2004 01:07:00 صFile Modified Date : 04/08/2004 01:07:00 صFilename : C:\WINDOWS\system32\svchost.exeBase Address : 0x01000000Created On : 12/03/2008 04:13:58 مVisible Windows : 0Hidden Windows : 0User Name : Mem Usage : 2636 KMem Usage Peak : 2716 KPage Faults : 707Pagefile Usage : 1108 KPagefile Peak Usage : 1208 KFile Attributes : A====================================================================================================Process Name : svchost.exeProcessID : 988Priority : NormalProduct Name : Microsoft® Windows® Operating SystemVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Description : Generic Host Process for Win32 ServicesCompany : Microsoft CorporationWindow Title : File Size : 14,336File Created Date : 04/08/2004 01:07:00 صFile Modified Date : 04/08/2004 01:07:00 صFilename : C:\WINDOWS\system32\svchost.exeBase Address : 0x01000000Created On : 12/03/2008 04:13:58 مVisible Windows : 0Hidden Windows : 0User Name : Mem Usage : 4264 KMem Usage Peak : 4264 KPage Faults : 1117Pagefile Usage : 1760 KPagefile Peak Usage : 1760 KFile Attributes : A====================================================================================================Process Name : ccSvcHst.exeProcessID : 1120Priority : NormalProduct Name : Symantec Security TechnologiesVersion : 106.0.1.10Description : Symantec Service FrameworkCompany : Symantec CorporationWindow Title : File Size : 105,632File Created Date : 03/09/2006 03:04:08 صFile Modified Date : 03/09/2006 03:04:08 صFilename : C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeBase Address : 0x00400000Created On : 12/03/2008 04:14:00 مVisible Windows : 0Hidden Windows : 0User Name : Mem Usage : 512 KMem Usage Peak : 18364 KPage Faults : 12407Pagefile Usage : 17180 KPagefile Peak Usage : 17836 KFile Attributes : A====================================================================================================Process Name : Explorer.EXEProcessID : 1232Priority : NormalProduct Name : Microsoft® Windows® Operating SystemVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)Description : Windows ExplorerCompany : Microsoft CorporationWindow Title : JABBAR (J

File Size : 1,032,192File Created Date : 04/08/2004 01:07:00 صFile Modified Date : 04/08/2004 01:07:00 صFilename : C:\WINDOWS\Explorer.EXEBase Address : 0x01000000Created On : 12/03/2008 04:14:00 مVisible Windows : 3Hidden Windows : 29User Name : ALI-FBD4E5207F9\jabbarMem Usage : 22588 KMem Usage Peak : 25764 KPage Faults : 13349Pagefile Usage : 15600 KPagefile Peak Usage : 18920 KFile Attributes : A====================================================================================================Process Name : AppSvc32.exeProcessID : 1320Priority : NormalProduct Name : Symantec Application CoreVersion : 1.0.00.101Description : Symantec Application Core ServiceCompany : Symantec CorporationWindow Title : File Size : 46,736File Created Date : 02/09/2006 12:33:40 صFile Modified Date : 02/09/2006 12:33:40 صFilename : C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeBase Address : 0x00400000Created On : 12/03/2008 04:14:01 مVisible Windows : 0Hidden Windows : 0User Name : Mem Usage : 364 KMem Usage Peak : 21412 KPage Faults : 16414Pagefile Usage : 20984 KPagefile Peak Usage : 21024 KFile Attributes : A====================================================================================================Process Name : spoolsv.exeProcessID : 1436Priority : NormalProduct Name : Microsoft® Windows® Operating SystemVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Description : Spooler SubSystem AppCompany : Microsoft CorporationWindow Title : File Size : 57,856File Created Date : 04/08/2004 01:07:00 صFile Modified Date : 04/08/2004 01:07:00 صFilename : C:\WINDOWS\system32\spoolsv.exeBase Address : 0x01000000Created On : 12/03/2008 04:14:02 مVisible Windows : 0Hidden Windows : 1User Name : NT AUTHORITY\SYSTEMMem Usage : 5480 KMem Usage Peak : 5512 KPage Faults : 1795Pagefile Usage : 3940 KPagefile Peak Usage : 4140 KFile Attributes : A====================================================================================================Process Name : SpyEmergencySrv.exeProcessID : 1704Priority : NormalProduct Name : NETGATE Spy Emergency 2007Version : 4, 0, 225, 0Description : Spy Emergency Malware and Spam Filtering GatewayCompany : NETGATE Technologies s.r.o.Window Title : File Size : 625,208File Created Date : 12/03/2008 07:40:07 صFile Modified Date : 07/07/2007 07:28:26 صFilename : C:\Program Files\NETGATE\Spy Emergency 2007\SpyEmergencySrv.exeBase Address : 0x00400000Created On : 12/03/2008 04:14:02 مVisible Windows : 0Hidden Windows : 0User Name : NT AUTHORITY\SYSTEMMem Usage : 7028 KMem Usage Peak : 13244 KPage Faults : 53788Pagefile Usage : 4172 KPagefile Peak Usage : 10364 KFile Attributes : A====================================================================================================Process Name : alg.exeProcessID : 228Priority : NormalProduct Name : Microsoft® Windows® Operating SystemVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Description : Application Layer Gateway ServiceCompany : Microsoft CorporationWindow Title : File Size : 44,544File Created Date : 04/08/2004 01:07:00 صFile Modified Date : 04/08/2004 01:07:00 صFilename : C:\WINDOWS\System32\alg.exeBase Address : 0x01000000Created On : 12/03/2008 04:14:06 مVisible Windows : 0Hidden Windows : 0User Name : Mem Usage : 3492 KMem Usage Peak : 3504 KPage Faults : 908Pagefile Usage : 1296 KPagefile Peak Usage : 1316 KFile Attributes : A====================================================================================================Process Name : SpyEmergency.exeProcessID : 676Priority : NormalProduct Name : NETGATE Spy Emergency 2007Version : 4, 0, 225, 0Description : Spy Emergency 2007Company : NETGATE Technologies s.r.o.Window Title : File Size : 1,907,256File Created Date : 12/03/2008 07:40:06 صFile Modified Date : 03/07/2007 10:38:00 صFilename : C:\Program Files\NETGATE\Spy Emergency 2007\SpyEmergency.exeBase Address : 0x00400000Created On : 12/03/2008 04:14:12 مVisible Windows : 0Hidden Windows : 11User Name : ALI-FBD4E5207F9\jabbarMem Usage : 16744 KMem Usage Peak : 19500 KPage Faults : 24449Pagefile Usage : 13008 KPagefile Peak Usage : 15916 KFile Attributes : A====================================================================================================Process Name : CNAB4RPK.EXEProcessID : 2432Priority : NormalProduct Name : Canon Advanced Printing TechnologyVersion : 3.00.0.003Description : Canon Advanced Printing Technology RPC Server ProcessCompany : CANON INC.Window Title : File Size : 63,112File Created Date : 11/01/2007 12:26:56 مFile Modified Date : 11/01/2007 12:26:56 مFilename : C:\WINDOWS\system32\CNAB4RPK.EXEBase Address : 0x00400000Created On : 12/03/2008 04:14:39 مVisible Windows : 0Hidden Windows : 0User Name : NT AUTHORITY\SYSTEMMem Usage : 1812 KMem Usage Peak : 1812 KPage Faults : 451Pagefile Usage : 564 KPagefile Peak Usage : 564 KFile Attributes : A====================================================================================================Process Name : runn.exeProcessID : 628Priority : NormalProduct Name : Version : Description : Company : Window Title : File Size : 71,680File Created Date : 12/03/2008 01:24:54 مFile Modified Date : 31/01/2008 10:24:25 مFilename : C:\DOCUME~1\jabbar\LOCALS~1\Temp\bntoz\runn.exeBase Address : 0x00400000Created On : 12/03/2008 04:24:54 مVisible Windows : 0Hidden Windows : 0User Name : ALI-FBD4E5207F9\jabbarMem Usage : 2256 KMem Usage Peak : 2276 KPage Faults : 634Pagefile Usage : 844 KPagefile Peak Usage : 900 KFile Attributes : A====================================================================================================Process Name : cmd.exeProcessID : 4012Priority : NormalProduct Name : Microsoft® Windows® Operating SystemVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Description : Windows Command ProcessorCompany : Microsoft CorporationWindow Title : File Size : 388,608File Created Date : 04/08/2004 01:07:00 صFile Modified Date : 04/08/2004 01:07:00 صFilename : C:\WINDOWS\system32\cmd.exeBase Address : 0x4AD00000Created On : 12/03/2008 04:24:54 مVisible Windows : 0Hidden Windows : 1User Name : ALI-FBD4E5207F9\jabbarMem Usage : 2928 KMem Usage Peak : 2992 KPage Faults : 825Pagefile Usage : 2188 KPagefile Peak Usage : 3180 KFile Attributes : A====================================================================================================Process Name : wmiprvse.exeProcessID : 268Priority : NormalProduct Name : Microsoft® Windows® Operating SystemVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)Description : WMICompany : Microsoft CorporationWindow Title : File Size : 218,112File Created Date : 10/03/2008 05:50:49 مFile Modified Date : 04/08/2004 01:07:00 صFilename : C:\WINDOWS\system32\wbem\wmiprvse.exeBase Address : 0x01000000Created On : 12/03/2008 04:24:56 مVisible Windows : 0Hidden Windows : 0User Name : Mem Usage : 5544 KMem Usage Peak : 5544 KPage Faults : 1417Pagefile Usage : 3000 KPagefile Peak Usage : 3000 KFile Attributes : A====================================================================================================Process Name : CProcess.exeProcessID : 184Priority : NormalProduct Name : CurrProcessVersion : 1.11Description : CurrProcessCompany : NirSoftWindow Title : File Size : 35,840File Created Date : 12/03/2008 01:24:53 مFile Modified Date : 14/07/2005 04:46:34 صFilename : C:\DOCUME~1\jabbar\LOCALS~1\Temp\bntoz\CProcess.exeBase Address : 0x00400000Created On : 12/03/2008 04:24:59 مVisible Windows : 0Hidden Windows : 0User Name : ALI-FBD4E5207F9\jabbarMem Usage : 2308 KMem Usage Peak : 2316 KPage Faults : 732Pagefile Usage : 1080 KPagefile Peak Usage : 1080 KFile Attributes : A==================================================..--------------------------\\\ End Report Of Running Processes --------------- ....--------------------------\\\ Windows XP Startup List --------------- .HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute autocheck autochk * autocheck autochk * Auto Check Utility Microsoft Corporation 5.01.2600.2180 c:\windows\system32\autochk.exeHKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms rdpclip rdpclip RDP Clip Monitor Microsoft Corporation 5.01.2600.2180 c:\windows\system32\rdpclip.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit C:\WINDOWS\system32\userinit.exe C:\WINDOWS\system32\userinit.exe Userinit Logon Application Microsoft Corporation 5.01.2600.2180 c:\windows\system32\userinit.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\l Explorer.exe Explorer.exe Windows Explorer Microsoft Corporation 6.00.2900.2180 c:\windows\explorer.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Run SpyEmergency "C:\Program Files\NETGATE\Spy Emergency 2007\SpyEmergency.exe" Spy Emergency 2007 NETGATE Technologies s.r.o. 4.00.0225.0000 c:\program files\netgate\spy emergency 2007\spyemergency.exeTask Scheduler 1-Click Maintenance.job C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart TuneUp System Optimizer TuneUp Software GmbH 6.00.2200.0230 c:\program files\tuneup utilities 2007\systemoptimizer.exe Norton AntiVirus - Run Full System Scan - jabbar.job C:\PROGRA~1\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca" Norton AntiVirus Scanner Module Symantec Corporation 14.00.0000.0089 c:\program files\norton antivirus\navw32.exe XoftSpySE 2.job C:\Program Files\XoftSpySE\XoftSpy.exe ShowReminders Xoftspy ParetoLogic 4.31.0000.0012 c:\program files\xoftspyse\xoftspy.exe XoftSpySE.job C:\Program Files\XoftSpySE\XoftSpy.exe -t Xoftspy ParetoLogic 4.31.0000.0012 c:\program files\xoftspyse\xoftspy.exe..----------- End Report ---------------