الباشق1 (Brilliant Zyzoomi member; joined 4 April 2008; 288 posts; reaction score 0; points 360; offline)
Assalamu alaikum, how are you, brothers?

I downloaded a spyware-detection program and the results are as in the picture:

[attached image: i19710_.GIF]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:43:19 ص, on 29/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ela-Salaty\Salaty.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\SPYREM~1\SpyRemoverPro.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL hidden by forum: log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL hidden by forum: log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [URL hidden by forum: log in or register to view it]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [URL hidden by forum: log in or register to view it]
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpyRemoverPro] C:\PROGRA~1\SPYREM~1\SpyRemoverPro.exe
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ela-Salaty.lnk = C:\Program Files\Ela-Salaty\Salaty.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [URL hidden by forum: log in or register to view it]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [URL hidden by forum: log in or register to view it]
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (ActiveQscan Control) - [URL hidden by forum: log in or register to view it]
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 6869 bytes

Follow these steps:

(1)
Disable all security programs,
and download this tool and save it to the desktop:
[URL hidden by forum: log in or register to view it]

When you run it a message appears; click >> Yes
Then a second message appears; click >> Yes
Wait until the tool finishes scanning your machine; it will restart your machine automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.
(2)
Then make a HijackThis report:
[URL hidden by forum: log in or register to view it]

When the download finishes ==> run the program ==> click Do a system scan and save log
Moments later a report appears; copy it and paste it in your next reply.

Last edited by a moderator.

Bro, this is the report from ComboFix.exe


ComboFix 09-06-28.02 - Administrator 06/29/2009 10:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.959.625 [GMT 3:00]
Running from: c:\downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\kakle.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-29 )))))))))))))))))))))))))))))))
.
2009-06-29 06:48 . 2009-06-29 07:27 909344 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-28 23:00 . 2009-06-28 23:00 -------- d-----w- c:\windows\system32\LogFiles
2009-06-28 22:43 . 2009-06-28 22:43 -------- d-----w- c:\program files\Trend Micro
2009-06-28 22:35 . 1999-12-17 19:43 86016 ----a-w- c:\windows\unvise32.exe
2009-06-28 22:35 . 2009-06-28 22:56 -------- d-----w- c:\program files\SpyRemover Pro
2009-06-28 21:39 . 2009-06-28 21:39 -------- d-----w- c:\program files\الحاسبة المتطورة لـ Microsoft
2009-06-28 21:37 . 2009-06-28 21:37 -------- d-----w- c:\windows\system32\ar-sa
2009-06-28 21:35 . 2006-09-06 14:42 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2009-06-28 21:34 . 2009-06-28 21:34 -------- d--h--w- c:\windows\$hf_mig$
2009-06-28 11:08 . 2009-06-28 11:08 -------- d-----w- c:\program files\VirtuallTek
2009-06-28 11:08 . 2009-06-28 11:08 -------- d-----w- c:\documents and settings\All Users\Application Data\VirtuallTek
2009-06-28 10:54 . 2009-06-28 10:54 -------- d-----w- c:\program files\Microsoft.NET
2009-06-28 10:53 . 2009-06-28 10:53 -------- d-----w- c:\program files\Microsoft Works
2009-06-28 10:52 . 2009-06-28 10:54 -------- d-----w- c:\windows\SHELLNEW
2009-06-28 10:37 . 2005-10-26 08:42 -------- d-----w- C:\install
2009-06-28 10:18 . 2009-06-28 11:10 -------- d-----w- C:\Unattended
2009-06-28 10:10 . 2009-06-28 10:10 -------- d-----w- c:\program files\7-Zip
2009-06-28 09:38 . 2009-06-28 09:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-06-27 23:25 . 2009-06-28 10:36 -------- d-----w- C:\Office
2009-06-27 23:17 . 2009-06-27 23:17 -------- d-----w- C:\Office2003
2009-06-24 12:32 . 2009-06-24 12:32 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-06-24 12:32 . 2009-06-24 12:32 -------- d-----w- c:\program files\UltraISO
2009-06-24 11:52 . 2009-06-24 11:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-06-22 10:25 . 2009-06-22 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-06-21 22:43 . 2009-06-21 22:43 -------- d-----w- c:\windows\Sun
2009-06-21 22:42 . 2009-06-21 22:42 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-21 22:42 . 2009-06-21 22:42 -------- d-----w- c:\program files\Java
2009-06-21 22:42 . 2009-06-21 22:42 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-21 22:36 . 2009-06-21 22:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\QuickScan
2009-06-20 15:49 . 2009-06-20 15:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\COWON
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 07:38 . 2009-06-19 18:43 -------- d-----w- c:\program files\FlashGet
2009-06-29 07:27 . 2009-06-29 06:48 11732 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-28 21:28 . 2009-06-19 17:36 94632 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-24 23:43 . 2001-09-19 12:00 40940 ----a-w- c:\windows\system32\perfc001.dat
2009-06-24 23:43 . 2001-09-19 12:00 254130 ----a-w- c:\windows\system32\perfh001.dat
2009-06-21 22:38 . 2009-06-19 17:29 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-20 23:42 . 2009-06-19 18:44 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-06-19 19:12 . 2009-06-19 18:43 -------- d-----w- c:\program files\Google
2009-06-19 18:51 . 2009-06-19 18:50 -------- d-----w- c:\program files\Ela-Salaty
2009-06-19 18:49 . 2009-06-19 18:49 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-19 18:49 . 2009-06-19 18:48 -------- d-----w- c:\program files\Real
2009-06-19 18:48 . 2009-06-19 18:48 -------- d-----w- c:\program files\Common Files\Real
2009-06-19 18:48 . 2009-06-19 18:48 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-19 18:48 . 2009-06-19 18:48 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-19 18:47 . 2009-06-19 18:47 -------- d-----w- c:\program files\mpegable
2009-06-19 18:47 . 2009-06-19 18:47 -------- d-----w- c:\program files\JetAudio
2009-06-19 18:47 . 2009-06-19 18:47 -------- d-----w- c:\program files\Common Files\COWON
2009-06-19 18:47 . 2009-06-19 18:47 47104 ------w- c:\windows\AKDeInstall.exe
2009-06-19 18:47 . 2009-06-19 18:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-19 18:46 . 2009-06-19 18:46 90112 ----a-w- c:\windows\system32\agsaami.dll
2009-06-19 18:46 . 2009-06-19 18:46 610304 ----a-w- c:\windows\system32\agsaamg.dll
2009-06-19 18:46 . 2009-06-19 18:46 2535424 ----a-w- c:\windows\system32\agsaamj.dll
2009-06-19 18:46 . 2009-06-19 18:46 1986560 ----a-w- c:\windows\system32\akll.dll
2009-06-19 18:46 . 2009-06-19 18:46 196608 ----a-w- c:\windows\system32\maag.dll
2009-06-19 18:46 . 2009-06-19 18:46 1245184 ----a-w- c:\windows\system32\bkll.dll
2009-06-19 18:46 . 2009-06-19 18:46 1212416 ----a-w- c:\windows\system32\ckll.dll
2009-06-19 18:46 . 2009-06-19 18:46 372736 ----a-w- c:\windows\system32\agsaamc.dll
2009-06-19 18:46 . 2009-06-19 18:46 -------- d-----w- c:\program files\Real_SC
2009-06-19 18:46 . 2009-06-19 18:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2009-06-19 18:46 . 2009-06-19 18:46 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-19 18:44 . 2009-06-19 18:44 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-19 18:44 . 2009-06-19 18:44 -------- d-----w- c:\program files\Nero
2009-06-19 18:44 . 2009-06-19 18:44 172032 ------w- c:\windows\Setup1.exe
2009-06-19 18:44 . 2009-06-19 18:44 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-06-19 18:44 . 2009-06-19 18:43 -------- d-----w- c:\program files\Paltalk Messenger
2009-06-19 18:43 . 2009-06-19 18:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Paltalk
2009-06-19 18:43 . 2009-06-19 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-06-19 18:43 . 2009-06-19 18:43 -------- d-----w- c:\program files\Yahoo!
2009-06-19 18:42 . 2009-06-19 18:42 -------- d-----w- c:\program files\MSN Messenger
2009-06-19 18:33 . 2009-06-19 18:33 -------- d-----w- c:\program files\VIA
2009-06-19 18:33 . 2009-06-19 18:29 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-19 18:31 . 2009-06-19 18:31 -------- d-----w- c:\program files\Realtek Sound Manager
2009-06-19 18:31 . 2009-06-19 18:31 -------- d-----w- c:\program files\AvRack
2009-06-19 18:31 . 2009-06-19 18:31 -------- d-----w- c:\program files\Realtek AC97
2009-06-19 18:29 . 2009-06-19 18:29 -------- d-----w- c:\program files\S3
2009-06-19 17:40 . 2009-06-19 17:40 -------- d-----w- c:\program files\ESET
2009-06-19 17:40 . 2009-06-19 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-19 17:30 . 2009-06-19 17:30 -------- d-----w- c:\program files\microsoft frontpage
2009-06-19 17:27 . 2009-06-19 17:27 22144 ----a-w- c:\windows\system32\emptyregdb.dat
.
------- Sigcheck -------
[7] 2004-08-03 21:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 21:14 359040 6A603809F598332DBEDD535BDBCE313E c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-19 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-19 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-21 148888]
"SpyRemoverPro"="c:\progra~1\SPYREM~1\SpyRemoverPro.exe" [2008-06-27 6135808]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\Administrator\قائمة ابدأ\البرامج\بدء التشغيل\
Ela-Salaty.lnk - c:\program files\Ela-Salaty\Salaty.exe [2006-7-22 4730368]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalStart.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\PalStart.lnk
backup=c:\windows\pss\PalStart.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [19/06/2009 09:34 م 17920]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 02:23 م 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [06/02/2009 02:24 م 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [06/02/2009 02:23 م 727720]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [URL hidden by forum: log in or register to view it]
Rootkit scan 2009-06-29 10:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(568)
c:\windows\system32\CLBCATQ.DLL
.
Completion time: 2009-06-29 10:43
ComboFix-quarantined-files.txt 2009-06-29 07:43
Pre-Run: 20,948,582,400 bytes free
Post-Run: 21,646,102,528 bytes free
And this is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:38 ص, on 29/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ela-Salaty\Salaty.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL hidden by forum: log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL hidden by forum: log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [URL hidden by forum: log in or register to view it]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [URL hidden by forum: log in or register to view it]
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpyRemoverPro] C:\PROGRA~1\SPYREM~1\SpyRemoverPro.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ela-Salaty.lnk = C:\Program Files\Ela-Salaty\Salaty.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [URL hidden by forum: log in or register to view it]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [URL hidden by forum: log in or register to view it]
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (ActiveQscan Control) - [URL hidden by forum: log in or register to view it]
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 6172 bytes

My friend,

Delete the following entries :smile:

in "HijackThis":

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)



O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
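As an added example (not part of this thread, and not HijackThis's own code), the following Python script applies the same two checks the moderator made above, but over the whole log at once: it flags an O2 BHO whose DLL is reported as "(no file)" and any O4 RunOnce value that is still present, and it additionally flags an autostart entry that launches a system utility such as reg.exe rather than a program. The sample lines are constructed after the logs posted in this thread, and the `Finding` type, the `UTILITY_IMAGES` list and the regular expressions are assumptions of the example.

```python
import re
from dataclasses import dataclass

# Constructed sample modelled on the HijackThis v2.0.2 lines in this thread
# (example input only, not the complete log).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# O2: "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
# O4: "O4 - <hive>\..\<Run|RunOnce|...>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")

# Assumed list: utilities an autostart value normally has no reason to launch
# directly; a Run entry that invokes one deserves a second look.
UTILITY_IMAGES = {"reg.exe", "cmd.exe", "rundll32.exe", "regsvr32.exe",
                  "wscript.exe", "cscript.exe", "mshta.exe"}


@dataclass
class Finding:
    section: str   # HijackThis section id, e.g. "O2" or "O4"
    reason: str    # why a human should look at this entry
    line: str      # the original log line


def image_name(cmd: str) -> str:
    """Lower-cased basename of the executable an autostart command launches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                       # quoted path, may contain spaces
        end = cmd.find('"', 1)
        exe = cmd[1:end] if end > 0 else cmd[1:]
    else:                                         # unquoted: first token is the image
        exe = cmd.split(" ", 1)[0]
    return exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> list[Finding]:
    """Return the O2/O4 entries of a HijackThis log that merit review, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O2_RE.match(line)
        if m:
            # A CLSID still registered as a BHO while its DLL is gone is an
            # orphan: harmless on its own, but a leftover worth removing.
            if m.group("path").strip().lower() == "(no file)":
                findings.append(Finding("O2", f"orphan BHO {m.group('clsid')}: DLL missing", line))
            continue
        m = O4_RE.match(line)
        if m:
            key, label, cmd = m.group("key"), m.group("label"), m.group("cmd")
            if key.lower().startswith("runonce"):
                # RunOnce values are deleted after they execute; one that is
                # still listed either never ran or keeps being re-created.
                findings.append(Finding("O4", f"RunOnce value '{label}' still present", line))
            exe = image_name(cmd)
            if exe in UTILITY_IMAGES:
                findings.append(Finding("O4", f"autostart '{label}' launches {exe}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample, the script reports exactly the two entries the moderator asked to remove (the orphan BHO and the RunOnce value), plus a third note that the RunOnce command is reg.exe; on a full log the same loop covers every O2 and O4 line rather than relying on eyeballing.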
 
Here you go, brother, but number 4 is not present:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:18 ص, on 29/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ela-Salaty\Salaty.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL hidden by forum: log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL hidden by forum: log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [URL hidden by forum: log in or register to view it]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [URL hidden by forum: log in or register to view it]
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpyRemoverPro] C:\PROGRA~1\SPYREM~1\SpyRemoverPro.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ela-Salaty.lnk = C:\Program Files\Ela-Salaty\Salaty.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [URL hidden by forum: log in or register to view it]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [URL hidden by forum: log in or register to view it]
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (ActiveQscan Control) - [URL hidden by forum: log in or register to view it]
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 6142 bytes
 
Dear, go to this page

and download the McAfee tool

and run it and choose the clean option

and wait until it finishes >>>>>>> it takes about an hour, depending on the machine
 
Signature: فارس الملاك
Welcome back, dear,,

Thank God, your HijackThis report is clean :smile:
 
Thanks brother Fahd, may God grant you success, but I suspect my machine is not clean because of its freezing and slowness. It was formatted only a week ago and was excellent, but over the past three days it has started freezing and...

Downloading the McAfee program now

Thanks again
 
Dear brother, thank you. I downloaded the program and a DOS-style search process showed up? Is there no cleaning program, or is that normal?
 
The cleaning process runs in DOS.. let it run on its own

The process may take an hour or more, depending on the number of files on your machine

Good luck
 
Signature: protection
:ok:
Go to drive C:, and
the noor_mcafee report
and upload it to this site

and attach the download link in your next post
 
Peace be upon you. Here is the report, and sorry for the delay.


Virus Scan Report File

Virus Scan Information

McAfee VirusScan for Win32 v5.30.0
Copyright (c) 1992-2008 McAfee, Inc. All rights reserved.
(408) 988-3832 LICENSED COPY - Jun 16 2008
Scan engine v5.3.00 for Win32.
Virus data file v5657 created Jun 25 2009
Scanning for 530896 viruses, trojans and variants.

Virus Scan Results

06/29/2009 11:13:00
Options:
/ADL /WINMEM
/CLEAN /APPEND /HTML C:\NOOR_MCAFEE.HTM
Scanning C: []
Scanning C:\*.*
Summary report on C:\*.*
File(s)
 Total files: ........... 31246
 Clean: ................. 31211
 Not scanned: ........... 0
 Possibly Infected: ..... 0
 Cleaned: ............... 0
Non-critical Error(s): 1
Master Boot Record(s): ......... 1
 Possibly Infected: ..... 0
Boot Sector(s): ................ 1
 Possibly Infected: ..... 0
Scanning D: []
Scanning D:\*.*
D:\SATA_Arabic\NEW\ROCK XP 1.0\ROCKXP.EXE ... Found the Generic.dx trojan !!! The file or process has been deleted.
D:\WinXPk3\NEW\ROCK XP 1.0\ROCKXP.EXE ... Found the Generic.dx trojan !!! The file or process has been deleted.
D:\نسخ (2) من SATA_Arabic\NEW\ROCK XP 1.0\ROCKXP.EXE ... Found the Generic.dx trojan !!! The file or process has been deleted.
Summary report on D:\*.*
File(s)
 Total files: ........... 25049
 Clean: ................. 25043
 Not scanned: ........... 0
 Possibly Infected: ..... 3
 Cleaned: ............... 0
 Deleted: ............... 3
Non-critical Error(s): 1
Master Boot Record(s): ......... 1
 Possibly Infected: ..... 0
Boot Sector(s): ................ 1
 Possibly Infected: ..... 0
Scanning E: []
Scanning E:\*.*
E:\الباتش برنامج التحميل\IDM Patch V5.XX Build XX Update 3 By Pharaohs Team.exe ... Found the Generic.dx trojan !!! The file or process has been deleted.
E:\برامج\برنامج الاداة لعادة التشغيل في وضع الامن.exe ... Found the Generic.dx trojan !!! The file or process has been deleted.
E:\مجموعة برامج دمشق\system32\Cracks\Anti-Virus\AVG Anti-Virus 7.1 Server Edition\keygen.exe ... Found the Generic.dx trojan !!! The file or process has been deleted.
E:\مجموعة برامج دمشق\system32\Cracks\Web\Hide IP Platinum v2.4\HideIP.Platinum v2.4 Key\HideIpPlatinum23keygen.exe ... Found the Generic.dx trojan !!! The file or process has been deleted.
Summary report on E:\*.*
File(s)
 Total files: ........... 32501
 Clean: ................. 32495
 Not scanned: ........... 0
 Possibly Infected: ..... 4
 Cleaned: ............... 0
 Deleted: ............... 4
Non-critical Error(s): 1
Master Boot Record(s): ......... 1
 Possibly Infected: ..... 0
Boot Sector(s): ................ 1
 Possibly Infected: ..... 0
Time: 00:51.05

Visit the Web Site
Need some help or advice? Send email to Technical Support.
 
And here is the ComboFix report

ComboFix 09-06-28.02 - Administrator 06/29/2009 10:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.959.625 [GMT 3:00]
Running from: c:\downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\kakle.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-29 )))))))))))))))))))))))))))))))
.
2009-06-29 06:48 . 2009-06-29 07:27 909344 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-28 23:00 . 2009-06-28 23:00 -------- d-----w- c:\windows\system32\LogFiles
2009-06-28 22:43 . 2009-06-28 22:43 -------- d-----w- c:\program files\Trend Micro
2009-06-28 22:35 . 1999-12-17 19:43 86016 ----a-w- c:\windows\unvise32.exe
2009-06-28 22:35 . 2009-06-28 22:56 -------- d-----w- c:\program files\SpyRemover Pro
2009-06-28 21:39 . 2009-06-28 21:39 -------- d-----w- c:\program files\الحاسبة المتطورة لـ Microsoft
2009-06-28 21:37 . 2009-06-28 21:37 -------- d-----w- c:\windows\system32\ar-sa
2009-06-28 21:35 . 2006-09-06 14:42 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2009-06-28 21:34 . 2009-06-28 21:34 -------- d--h--w- c:\windows\$hf_mig$
2009-06-28 11:08 . 2009-06-28 11:08 -------- d-----w- c:\program files\VirtuallTek
2009-06-28 11:08 . 2009-06-28 11:08 -------- d-----w- c:\documents and settings\All Users\Application Data\VirtuallTek
2009-06-28 10:54 . 2009-06-28 10:54 -------- d-----w- c:\program files\Microsoft.NET
2009-06-28 10:53 . 2009-06-28 10:53 -------- d-----w- c:\program files\Microsoft Works
2009-06-28 10:52 . 2009-06-28 10:54 -------- d-----w- c:\windows\SHELLNEW
2009-06-28 10:37 . 2005-10-26 08:42 -------- d-----w- C:\install
2009-06-28 10:18 . 2009-06-28 11:10 -------- d-----w- C:\Unattended
2009-06-28 10:10 . 2009-06-28 10:10 -------- d-----w- c:\program files\7-Zip
2009-06-28 09:38 . 2009-06-28 09:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-06-27 23:25 . 2009-06-28 10:36 -------- d-----w- C:\Office
2009-06-27 23:17 . 2009-06-27 23:17 -------- d-----w- C:\Office2003
2009-06-24 12:32 . 2009-06-24 12:32 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-06-24 12:32 . 2009-06-24 12:32 -------- d-----w- c:\program files\UltraISO
2009-06-24 11:52 . 2009-06-24 11:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-06-22 10:25 . 2009-06-22 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-06-21 22:43 . 2009-06-21 22:43 -------- d-----w- c:\windows\Sun
2009-06-21 22:42 . 2009-06-21 22:42 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-21 22:42 . 2009-06-21 22:42 -------- d-----w- c:\program files\Java
2009-06-21 22:42 . 2009-06-21 22:42 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-21 22:36 . 2009-06-21 22:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\QuickScan
2009-06-20 15:49 . 2009-06-20 15:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\COWON
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 07:38 . 2009-06-19 18:43 -------- d-----w- c:\program files\FlashGet
2009-06-29 07:27 . 2009-06-29 06:48 11732 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-28 21:28 . 2009-06-19 17:36 94632 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-24 23:43 . 2001-09-19 12:00 40940 ----a-w- c:\windows\system32\perfc001.dat
2009-06-24 23:43 . 2001-09-19 12:00 254130 ----a-w- c:\windows\system32\perfh001.dat
2009-06-21 22:38 . 2009-06-19 17:29 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-20 23:42 . 2009-06-19 18:44 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-06-19 19:12 . 2009-06-19 18:43 -------- d-----w- c:\program files\Google
2009-06-19 18:51 . 2009-06-19 18:50 -------- d-----w- c:\program files\Ela-Salaty
2009-06-19 18:49 . 2009-06-19 18:49 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-19 18:49 . 2009-06-19 18:48 -------- d-----w- c:\program files\Real
2009-06-19 18:48 . 2009-06-19 18:48 -------- d-----w- c:\program files\Common Files\Real
2009-06-19 18:48 . 2009-06-19 18:48 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-19 18:48 . 2009-06-19 18:48 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-19 18:47 . 2009-06-19 18:47 -------- d-----w- c:\program files\mpegable
2009-06-19 18:47 . 2009-06-19 18:47 -------- d-----w- c:\program files\JetAudio
2009-06-19 18:47 . 2009-06-19 18:47 -------- d-----w- c:\program files\Common Files\COWON
2009-06-19 18:47 . 2009-06-19 18:47 47104 ------w- c:\windows\AKDeInstall.exe
2009-06-19 18:47 . 2009-06-19 18:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-19 18:46 . 2009-06-19 18:46 90112 ----a-w- c:\windows\system32\agsaami.dll
2009-06-19 18:46 . 2009-06-19 18:46 610304 ----a-w- c:\windows\system32\agsaamg.dll
2009-06-19 18:46 . 2009-06-19 18:46 2535424 ----a-w- c:\windows\system32\agsaamj.dll
2009-06-19 18:46 . 2009-06-19 18:46 1986560 ----a-w- c:\windows\system32\akll.dll
2009-06-19 18:46 . 2009-06-19 18:46 196608 ----a-w- c:\windows\system32\maag.dll
2009-06-19 18:46 . 2009-06-19 18:46 1245184 ----a-w- c:\windows\system32\bkll.dll
2009-06-19 18:46 . 2009-06-19 18:46 1212416 ----a-w- c:\windows\system32\ckll.dll
2009-06-19 18:46 . 2009-06-19 18:46 372736 ----a-w- c:\windows\system32\agsaamc.dll
2009-06-19 18:46 . 2009-06-19 18:46 -------- d-----w- c:\program files\Real_SC
2009-06-19 18:46 . 2009-06-19 18:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2009-06-19 18:46 . 2009-06-19 18:46 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-19 18:44 . 2009-06-19 18:44 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-19 18:44 . 2009-06-19 18:44 -------- d-----w- c:\program files\Nero
2009-06-19 18:44 . 2009-06-19 18:44 172032 ------w- c:\windows\Setup1.exe
2009-06-19 18:44 . 2009-06-19 18:44 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-06-19 18:44 . 2009-06-19 18:43 -------- d-----w- c:\program files\Paltalk Messenger
2009-06-19 18:43 . 2009-06-19 18:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Paltalk
2009-06-19 18:43 . 2009-06-19 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-06-19 18:43 . 2009-06-19 18:43 -------- d-----w- c:\program files\Yahoo!
2009-06-19 18:42 . 2009-06-19 18:42 -------- d-----w- c:\program files\MSN Messenger
2009-06-19 18:33 . 2009-06-19 18:33 -------- d-----w- c:\program files\VIA
2009-06-19 18:33 . 2009-06-19 18:29 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-19 18:31 . 2009-06-19 18:31 -------- d-----w- c:\program files\Realtek Sound Manager
2009-06-19 18:31 . 2009-06-19 18:31 -------- d-----w- c:\program files\AvRack
2009-06-19 18:31 . 2009-06-19 18:31 -------- d-----w- c:\program files\Realtek AC97
2009-06-19 18:29 . 2009-06-19 18:29 -------- d-----w- c:\program files\S3
2009-06-19 17:40 . 2009-06-19 17:40 -------- d-----w- c:\program files\ESET
2009-06-19 17:40 . 2009-06-19 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-19 17:30 . 2009-06-19 17:30 -------- d-----w- c:\program files\microsoft frontpage
2009-06-19 17:27 . 2009-06-19 17:27 22144 ----a-w- c:\windows\system32\emptyregdb.dat
.
------- Sigcheck -------
[7] 2004-08-03 21:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 21:14 359040 6A603809F598332DBEDD535BDBCE313E c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-19 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-19 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-21 148888]
"SpyRemoverPro"="c:\progra~1\SPYREM~1\SpyRemoverPro.exe" [2008-06-27 6135808]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\Administrator\قائمة ابدأ\البرامج\بدء التشغيل\
Ela-Salaty.lnk - c:\program files\Ela-Salaty\Salaty.exe [2006-7-22 4730368]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalStart.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\PalStart.lnk
backup=c:\windows\pss\PalStart.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [19/06/2009 09:34 م 17920]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 02:23 م 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [06/02/2009 02:24 م 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [06/02/2009 02:23 م 727720]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-06-29 10:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(568)
c:\windows\system32\CLBCATQ.DLL
.
Completion time: 2009-06-29 10:43
ComboFix-quarantined-files.txt 2009-06-29 07:43
Pre-Run: 20,948,582,400 bytes free
Post-Run: 21,646,102,528 bytes free