الباشق1

Peace be upon you and God's mercy and blessings. Brothers, my machine has a virus that hides files and copies itself into more than one file. nod32 is installed and up to date, but it was no use; it still got into my machine??? Here is the report for the machine:

Logfile of HijackThis v1.99.1
Scan saved at 01:37:21 م, on 01/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\CAP3RSK.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\Explorer.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\الإسطوآآنة الخرآفية\HijackThis.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_19\bin\npjpi142_19.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_19\bin\npjpi142_19.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {9CE73426-1E7C-423E-AD30-3D7CD911B145} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: خدمة تحديث Google (gupdate1c9e16c4c55f72) (gupdate1c9e16c4c55f72) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 

Brother, if you want to scan from DOS, use:

[link hidden]

If you don't want to, tell me.
 

Signature: Future Tank X-1
Thanks, brother. I want your advice, and whatever you tell me I'll do. I'm downloading it now.

May God grant you success.
 
Excellent.
After you put it on the CD and boot from it after restarting,
update it and do a full scan of the machine,
and delete everything it finds.
After that, a HijackThis report from your machine.
 
Signature: Future Tank X-1
How to disable NOD:

[link hidden]

Then run the tool and go ahead.

 
Signature: Corporation
> Late ..

Masha'Allah, I didn't notice the replies.

Good luck ..
 
Signature: Corporation
Thanks, brother. I removed NOD completely and installed Kaspersky, but it was no use: it doesn't work, and every time I start it, it closes. Now I'm downloading the disc you sent me the link for.

I wish you success.
 
Brother, your Task Manager is disabled; you have to enable it so you can run the protection program.
 
Brother, how do I enable it? I set it to Enabled and it didn't help, then I set it to Disabled and it's still the same problem???

And now every executable file is blocked. I swear, even the program you sent is now blocked and can't be opened??
 
Hello, I downloaded the "Millions" disc, but it was no use; it asks me for a code???
 
Strange.
Anyway, this disc serves the same purpose and more:

[link hidden]

Downloading it is recommended.
If you don't want to, reply and let me know.
 
Signature: Future Tank X-1
Thank you, brother. Downloading and trying it now.

Is it fine to download it on the infected machine itself??
 
Brother, run the tool in normal mode

without disabling the protection program.

[link hidden]



Hi brother, no use. None of the programs helped. Waiting for the experts.
 
My dear, give me a new HijackThis report.
 
Signature: فارس الملاك
Here you go, brother. May God grant you success.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:38:05 م, on 03/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\CAP3RSK.EXE
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\SiteAdvisor\6173\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_19\bin\npjpi142_19.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_19\bin\npjpi142_19.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {9CE73426-1E7C-423E-AD30-3D7CD911B145} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O23 - Service: McAfee Application Installer Cleanup (0014571217750387) (0014571217750387mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\001457~1.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: خدمة تحديث Google (gupdate1c9e16c4c55f72) (gupdate1c9e16c4c55f72) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6173\SAService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) -
--
End of file - 9026 bytes
 
(1)
Disable all protection programs,
then download this tool and save it to the desktop:

[link hidden]

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your machine; your machine will then restart automatically.
After the restart, the tool will start scanning again.
Wait until a report appears; copy it and paste it in your next reply.
(2)
Then make a HijackThis report:

[link hidden]

When the download finishes ==> run the program ==> click Do a system scan and save log
In a few moments a report will appear; copy it and paste it in your next reply.
 
Signature: فارس الملاك
ComboFix 09-08-01.06 - خالد 08/03/2008 16:28.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.1014.584 [GMT 3:00]
Running from: c:\documents and settings\خالد\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-07-03 to 2008-08-03 )))))))))))))))))))))))))))))))
.
2009-07-16 08:20 . 2008-07-23 06:37 -------- d-----w- c:\windows\system32\SupportAppXL
2009-07-16 08:17 . 2009-07-16 08:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-07-05 05:27 . 2009-07-05 05:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ESET
2009-06-19 11:20 . 2009-06-19 11:36 -------- d-----w- c:\windows\Crystal
2009-06-19 11:20 . 2008-08-01 12:19 -------- d-----w- c:\program files\Almwhasip
2009-06-17 07:03 . 2009-06-17 07:03 -------- d-----w- c:\program files\BandRich
2009-06-13 15:23 . 2006-01-13 00:46 252928 ----a-w- c:\windows\system32\drivers\rt73.sys
2009-05-30 21:17 . 2009-05-30 21:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-05-30 21:15 . 2009-05-30 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-05-28 04:28 . 2009-05-28 04:28 -------- d-----w- C:\TL-WN321G_080409
2009-05-23 10:15 . 2009-05-23 10:15 -------- d-----w- c:\documents and settings\خالد\Application Data\Avanquest
2009-05-23 10:15 . 2009-05-23 10:15 -------- d-----w- c:\documents and settings\خالد\Local Settings\Application Data\Xenocode
2009-05-23 08:40 . 2008-07-23 05:21 -------- d-----w- c:\program files\CCleaner
2009-05-22 10:21 . 2008-06-09 17:57 159744 ----a-w- c:\windows\system32\igfxres.dll
2009-05-22 09:49 . 2009-05-22 09:49 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-05-22 09:48 . 2009-05-22 09:52 1045336 ----a-w- C:\DriverDetective.exe
2009-05-20 06:24 . 1998-04-26 21:00 570128 ----a-w- c:\windows\system32\DAO350.DLL
2009-05-16 11:41 . 2009-05-16 11:41 -------- d-----w- c:\windows\Super Retail Management System
2009-05-13 08:41 . 2003-11-26 22:21 16486595 ----a-w- C:\قرآن.exe
2009-05-12 20:43 . 2009-05-12 20:43 -------- d---a-w- C:\PrimerDB
2009-05-12 20:42 . 1999-09-30 15:21 166672 ------w- c:\windows\system32\mstext35.dll
2009-05-12 20:42 . 1999-09-09 18:06 168720 ------w- c:\windows\system32\msltus35.dll
2009-05-12 20:42 . 1999-06-07 14:59 250128 ------w- c:\windows\system32\mspdox35.dll
2009-05-12 20:42 . 1998-06-01 10:37 344064 ------w- c:\windows\system32\msexch35.dll
2009-05-12 20:42 . 1998-06-01 10:37 294912 ------w- c:\windows\system32\msxbse35.dll
2009-05-12 20:42 . 1999-09-09 18:06 252688 ------w- c:\windows\system32\msexcl35.dll
2009-05-12 20:42 . 1999-04-26 16:08 44304 ------w- c:\windows\system32\msrpfs35.dll
2009-05-12 10:20 . 2009-05-13 04:57 -------- d-----w- c:\windows\A5W_DATA
2009-05-12 10:11 . 2009-05-12 20:42 -------- d-----w- c:\program files\NCC Education
2009-05-08 20:42 . 2009-05-08 20:42 -------- d-----w- c:\windows\Downloaded Installations
2009-04-23 20:41 . 2009-04-23 20:41 -------- d-----w- c:\windows\Sun
2009-04-23 20:39 . 2009-04-23 20:40 -------- d-----w- c:\program files\Java
2009-04-23 20:37 . 2009-04-23 20:37 -------- d-----w- c:\program files\Common Files\Java
2009-04-22 10:39 . 2009-04-22 10:39 -------- d-----w- c:\program files\Photo to Sketch Pro
2009-04-22 10:37 . 2009-04-22 10:37 -------- d-----w- c:\program files\Photo To Sketch
2009-04-21 22:15 . 2007-11-15 05:49 352256 ----a-w- c:\windows\system32\ExSkin.dll
2009-04-21 11:18 . 2009-04-21 11:19 -------- d-----w- c:\program files\Button Studio
2009-04-21 11:18 . 1999-03-23 05:12 299520 ----a-w- c:\windows\uninst.exe
2009-03-16 19:48 . 2009-03-16 19:48 -------- d-----w- c:\program files\home plan software
2009-03-06 13:32 . 2009-03-06 13:32 -------- d-----w- c:\program files\Common Files\xing shared
2009-03-06 13:26 . 2009-03-06 13:26 390664 ----a-w- c:\documents and settings\خالد\Application Data\Real\RealPlayer\setup\AU_setup6.exe
2009-03-06 11:52 . 2009-03-06 11:52 -------- d-----w- c:\documents and settings\خالد\Local Settings\Application Data\Help
2009-03-06 11:21 . 2009-03-06 11:21 -------- d-----w- c:\program files\Epsilon Squared
2009-03-06 08:10 . 2009-03-06 08:10 -------- d-----w- c:\program files\VirtuallTek
2009-02-18 09:21 . 2009-02-18 09:36 -------- d-----w- c:\documents and settings\خالد\Application Data\Motive
2009-02-18 09:21 . 2009-02-18 09:21 -------- d-----w- c:\program files\Fahess_Activation
2009-02-18 09:20 . 2009-02-18 09:21 -------- d-----w- c:\program files\Common Files\Motive
2009-02-18 09:20 . 2009-02-18 09:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-02-13 09:53 . 2009-02-13 09:53 -------- d-----w- c:\program files\AnteSafeVga
2009-02-06 16:43 . 2009-02-06 16:43 307576 ----a-w- c:\windows\WLXPGSS.SCR
2009-02-06 15:52 . 2009-02-06 15:52 49504 ----a-w- c:\windows\system32\sirenacm.dll
2009-02-05 11:08 . 2009-03-06 10:11 -------- d-----w- C:\Download
2009-01-31 10:19 . 2009-05-09 13:16 -------- d-----w- c:\documents and settings\خالد\Application Data\Download Manager
2009-01-31 09:23 . 2009-03-06 11:07 -------- d-----w- c:\program files\Star Downloader
2009-01-30 17:32 . 2008-03-21 10:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-01-30 17:26 . 2009-01-30 17:25 24405000 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{59367F7E-D7C1-4629-8AEC-71AA24A68F31}\NokiaSoftwareUpdaterSetup_ar.exe
2009-01-30 17:25 . 2009-01-30 17:25 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{59367F7E-D7C1-4629-8AEC-71AA24A68F31}\Installer\CommonCustomActions\Sleep.exe
2009-01-30 17:25 . 2009-01-30 17:25 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{59367F7E-D7C1-4629-8AEC-71AA24A68F31}\Installer\CommonCustomActions\vcredistExec.exe
2008-12-12 22:08 . 2008-12-12 22:08 -------- d-----w- c:\documents and settings\خالد\Local Settings\Application Data\Yahoo
2008-12-12 22:07 . 2008-12-12 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2008-12-12 22:07 . 2008-09-19 13:41 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2008-12-08 21:41 . 2009-07-20 08:34 -------- d-----w- c:\program files\Mobily Connect Card
2008-12-04 19:19 . 2008-12-04 19:19 -------- d-----w- c:\program files\MSECache
2008-12-01 23:19 . 2008-12-01 23:20 -------- d-----w- c:\documents and settings\خالد\Local Settings\Application Data\Deployment
2008-11-20 12:21 . 2008-11-20 12:21 -------- d-----w- c:\documents and settings\خالد\Local Settings\Application Data\PCHealth
2008-11-20 12:10 . 2008-08-02 17:35 -------- d-----w- c:\documents and settings\خالد\Tracing
2008-11-20 12:08 . 2006-11-29 10:06 3426072 -c--a-w- c:\windows\system32\d3dx9_32.dll
2008-11-20 12:07 . 2008-11-20 12:07 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2008-11-20 12:06 . 2008-11-20 12:06 -------- d-----w- c:\program files\Microsoft
2008-11-20 12:05 . 2008-11-20 12:05 -------- d-----w- c:\program files\Common Files\Windows Live
2008-11-14 13:06 . 2008-08-02 22:59 -------- d-----w- c:\program files\ESET
2008-11-13 17:23 . 2008-11-13 17:23 75072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\English\setup.exe
2008-11-12 10:11 . 2003-09-18 22:47 10368 ------w- c:\windows\system32\drivers\pfc.sys
2008-11-12 10:10 . 2001-12-10 14:42 204800 -c--a-w- c:\windows\system32\IVIresizeW7.dll
2008-11-12 10:10 . 2001-12-10 14:42 200704 -c--a-w- c:\windows\system32\IVIresizeA6.dll
2008-11-12 10:10 . 2001-12-10 14:42 192512 -c--a-w- c:\windows\system32\IVIresizeM6.dll
2008-11-12 10:10 . 2001-12-10 14:42 192512 -c--a-w- c:\windows\system32\IVIresizeP6.dll
2008-11-12 10:10 . 2001-12-10 14:42 188416 -c--a-w- c:\windows\system32\IVIresizePX.dll
2008-11-12 10:10 . 2001-12-10 14:42 20480 -c--a-w- c:\windows\system32\IVIresize.dll
2008-11-12 10:10 . 2008-11-12 10:10 -------- d-----w- c:\program files\InterVideo
2008-11-05 11:20 . 2008-11-05 11:20 -------- d-----w- c:\program files\Common Files\PCSuite
2008-11-05 11:19 . 2008-11-05 11:19 81920 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D5577624-0626-4C4B-87AA-D966DA1739D6}\Installer\CommonCustomActions\UninstCCD.exe
2008-11-05 11:19 . 2008-11-05 11:19 79872 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D5577624-0626-4C4B-87AA-D966DA1739D6}\Installer\CommonCustomActions\UninstPCS.exe
2008-11-05 11:19 . 2008-11-05 11:19 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D5577624-0626-4C4B-87AA-D966DA1739D6}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2008-11-02 19:55 . 2008-11-02 19:55 -------- d-----w- c:\documents and settings\خالد\Application Data\Media Player Classic
2008-11-02 19:49 . 2008-11-07 11:40 -------- d-----w- c:\program files\AviSynth 2.5
2008-11-02 19:49 . 2008-11-02 19:49 -------- d-----w- c:\program files\ALO SOFT
2008-10-20 22:07 . 2008-07-26 06:39 -------- d-----w- c:\program files\learn computer
2008-10-19 21:29 . 2008-10-19 21:29 57344 -c--a-w- c:\windows\system32\IMSInfo.dll
2008-10-19 21:29 . 2008-10-19 21:29 397312 -c--a-w- c:\windows\system32\imcv1.dll
2008-10-19 19:10 . 2008-10-19 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Winferno
2008-10-19 18:58 . 2008-09-22 10:10 -------- d-----w- c:\program files\Yahoo!
2008-10-19 18:57 . 2008-10-19 18:58 -------- d-----w- c:\documents and settings\خالد\Local Settings\Application Data\WeatherBug
2008-10-19 18:57 . 2008-10-19 18:57 -------- d-----w- c:\program files\AWS
2008-10-19 14:10 . 2008-10-19 14:16 -------- d-----w- c:\program files\Unknown Device Identifier
2008-10-19 11:47 . 2008-10-19 19:26 -------- d-----w- c:\windows\SxsCaPendDel
2008-10-16 11:07 . 2008-10-16 11:07 208744 ----a-w- c:\windows\system32\muweb.dll
2008-10-15 11:00 . 2009-05-21 10:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
2008-10-12 20:29 . 2008-10-12 20:29 552 -c--a-w- c:\windows\system32\d3d8caps.dat
2008-10-12 19:39 . 2008-10-12 19:39 -------- d-----w- c:\program files\BearFlix
2008-10-12 19:39 . 2008-10-12 19:39 -------- d-----w- C:\My Downloads
2008-10-12 18:36 . 2008-10-12 18:36 -------- d-----w- c:\documents and settings\__ط_
2008-10-12 18:36 . 2008-10-12 18:36 17404461 ----a-w- c:\documents and settings\خالد\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_283e6_4_0_1.0.14.19.exe
2008-10-12 18:32 . 2008-10-12 18:32 13672720 ----a-w- c:\documents and settings\خالد\Application Data\Uniblue\DriverScanner\Download\usb_vid_17ef_pid_10045_8_8_012.exe
2008-10-12 18:14 . 2008-10-12 18:14 4803408 ----a-w- c:\documents and settings\خالد\Application Data\Uniblue\DriverScanner\Download\hdaudio_func_01_ven_14f1_dev_5045_subsys_17aa20db3_38_0_52.exe
2008-10-12 18:02 . 2008-10-12 18:02 1129549 ----a-w- c:\documents and settings\خالد\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24487_3_0_1013.exe
2008-10-11 19:28 . 2006-12-06 06:02 282624 -c--a-r- c:\windows\system32\HPZc3212.dll
2008-10-11 19:28 . 2005-04-08 01:51 258122 -c--a-r- c:\windows\system32\hpovst08.dll
2008-10-11 19:28 . 2005-04-08 01:51 278528 ----a-r- c:\windows\system32\hpgwiamd.dll
2008-10-11 19:28 . 2005-04-08 01:51 606208 -c--a-r- c:\windows\system32\hpotscl.dll
2008-10-11 10:30 . 2008-10-11 10:30 -------- d-----w- c:\program files\البرنامج المساعد لحاسبة الأسهم
2008-10-09 16:40 . 2008-10-09 16:40 -------- d-----w- c:\documents and settings\خالد\Application Data\Uniblue
2008-10-09 16:40 . 2008-07-29 05:41 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2008-10-09 16:02 . 2007-09-13 06:31 147456 -c--a-w- c:\windows\system32\igfxCoIn_v1329.dll
2008-10-09 16:02 . 2007-09-13 06:23 2498560 -c--a-w- c:\windows\system32\igdumd32.dll
2008-10-09 16:02 . 2007-09-13 06:11 249856 -c--a-w- c:\windows\system32\igfxTMM.dll
2008-10-09 16:02 . 2008-06-09 17:57 196608 ----a-w- c:\windows\system32\oemdspif.dll
2008-10-09 16:02 . 2007-09-13 06:23 1925632 ----a-w- c:\windows\system32\drivers\igdkmd32.sys
2008-10-08 16:57 . 2008-10-09 19:24 -------- d-----w- c:\program files\WirelessMon
2008-10-08 15:06 . 2008-10-08 15:06 -------- d-----w- c:\documents and settings\خالد\Application Data\Nero
2008-10-08 15:04 . 2006-03-17 12:49 368640 -c--a-w- c:\windows\system32\TwnLib4.dll
2008-10-08 15:04 . 2006-03-17 09:45 802816 -c--a-w- c:\windows\system32\imagXRA7.dll
2008-10-08 15:04 . 2006-03-17 09:45 497296 -c--a-w- c:\windows\system32\imagXpr7.dll
2008-10-08 15:04 . 2006-03-17 09:45 258048 -c--a-w- c:\windows\system32\imagXR7.dll
2008-10-08 15:04 . 2006-03-17 09:45 1757184 -c--a-w- c:\windows\system32\imagX7.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 08:20 . 2008-07-15 17:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-03-22 14:11 . 2008-07-15 18:45 -------- d-----w- c:\documents and settings\خالد\Application Data\AnteSafeVga
2009-03-21 13:37 . 2008-07-15 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Tool Eggs Less City
2009-03-06 13:32 . 2008-07-15 17:35 -------- d-----w- c:\program files\Common Files\Real
2009-01-30 17:33 . 2009-01-30 17:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-01-30 17:33 . 2009-01-30 17:33 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-10-26 16:55 . 2008-07-15 17:35 499712 ----a-w- c:\windows\system32\msvcp71.dll
2008-10-23 21:25 . 2008-07-15 17:24 -------- d-----w- c:\program files\CONEXANT
2008-10-16 11:13 . 2008-07-15 17:06 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2008-10-16 11:12 . 2008-07-15 17:06 202776 ----a-w- c:\windows\system32\wuweb.dll
2008-10-16 11:12 . 2008-07-15 17:06 323608 ----a-w- c:\windows\system32\wucltui.dll
2008-10-16 11:12 . 2008-07-15 17:06 561688 ----a-w- c:\windows\system32\wuapi.dll
2008-10-16 11:09 . 2008-07-15 17:06 51224 ----a-w- c:\windows\system32\wuauclt.exe
2008-10-16 11:09 . 2007-07-30 16:19 43544 ----a-w- c:\windows\system32\wups2.dll
2008-10-16 11:09 . 2004-08-03 21:56 92696 ----a-w- c:\windows\system32\cdm.dll
2008-10-16 11:08 . 2008-07-15 17:06 34328 ----a-w- c:\windows\system32\wups.dll
2008-09-27 20:36 . 2008-07-15 17:30 -------- d-----w- c:\program files\Common Files\InstallShield
2008-08-03 13:22 . 2008-08-02 15:59 -------- d-----w- c:\program files\McAfee
2008-08-03 11:43 . 2008-08-02 10:23 -------- d-----w- c:\documents and settings\خالد\Application Data\cleaner
2008-08-03 00:04 . 2008-08-02 16:14 -------- d-----w- c:\documents and settings\خالد\Application Data\SiteAdvisor
2008-08-02 16:14 . 2008-08-02 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2008-08-02 16:14 . 2008-08-02 16:14 -------- d-----w- c:\program files\SiteAdvisor
2008-08-02 16:14 . 2008-08-02 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2008-08-02 16:13 . 2008-08-02 16:06 -------- d-----w- c:\program files\Common Files\McAfee
2008-08-02 16:08 . 2008-08-02 16:06 -------- d-----w- c:\program files\McAfee.com
2008-08-02 08:10 . 2008-08-02 08:10 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-02 08:10 . 2008-08-02 08:10 0 -c-ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-01 17:29 . 2008-07-23 05:45 2744 --sha-w- c:\windows\system32\drivers\fidbox.idx
2008-08-01 17:29 . 2008-07-23 05:45 1196 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2008-08-01 11:08 . 2008-07-15 19:54 90112 ----a-w- c:\windows\DUMP52e2.tmp
2008-07-26 06:54 . 2008-07-15 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2008-07-23 05:29 . 2008-07-15 17:30 -------- d-----w- c:\program files\JetAudio
2008-07-15 19:56 . 2008-07-15 19:56 -------- d-----w- c:\program files\akTools
2008-07-15 19:51 . 2008-07-15 17:07 166455 -c--a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2008-07-15 19:38 . 2008-07-15 19:38 -------- d-----w- c:\program files\Web Publish
2008-07-15 18:44 . 2008-07-15 18:44 -------- d-----w- c:\program files\MessengerPlus! 3
2008-07-15 17:46 . 2008-07-15 17:46 -------- d-----w- c:\program files\Common Files\L&H
2008-07-15 17:46 . 2008-07-15 17:46 -------- d-----w- c:\program files\Microsoft.NET
2008-07-15 17:46 . 2008-07-15 17:46 -------- d-----w- c:\program files\Microsoft ActiveSync
2008-07-15 17:45 . 2008-07-15 17:45 -------- d-----w- c:\program files\Microsoft Works
2008-07-15 17:38 . 2008-07-15 17:38 -------- d-----w- c:\program files\Windows Media Connect 2
2008-07-15 17:35 . 2008-07-15 17:35 -------- d-----w- c:\program files\Real
2008-07-15 17:35 . 2008-07-15 17:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2008-07-15 17:31 . 2008-07-15 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\GRETECH
2008-07-15 17:31 . 2008-07-15 17:31 -------- d-----w- c:\documents and settings\خالد\Application Data\GRETECH
2008-07-15 17:31 . 2008-07-15 17:31 -------- d-----w- c:\program files\GRETECH
2008-07-15 17:08 . 2008-07-15 17:08 -------- d-----w- c:\program files\microsoft frontpage
2008-07-15 17:06 . 2008-07-15 17:06 21640 -c--a-w- c:\windows\system32\emptyregdb.dat
2008-07-11 08:55 . 2008-04-14 00:12 712704 ------w- c:\windows\system32\windowscodecs.dll
2008-07-11 08:55 . 2008-04-14 00:12 347648 -c----w- c:\windows\system32\windowscodecsext.dll
2008-07-06 19:42 . 2008-07-15 17:26 36400 ----a-r- c:\windows\system32\ibmpmsvc.exe
2008-07-06 19:42 . 2008-07-15 17:26 35376 -c--a-r- c:\windows\system32\tpinspm.dll
2008-07-06 19:42 . 2008-07-15 17:26 21040 ----a-r- c:\windows\system32\drivers\ibmpmdrv.sys
2008-07-01 06:04 . 2008-07-01 06:04 34312 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2008-07-01 05:57 . 2008-07-01 05:57 53256 ----a-w- c:\windows\system32\drivers\easdrv.sys
2008-07-01 05:56 . 2008-07-01 05:56 39944 ----a-w- c:\windows\system32\drivers\eamon.sys
2008-06-21 11:10 . 2008-02-28 09:25 8813777 -c--a-w- c:\windows\system32\SRPRSig.dll
2008-06-21 11:09 . 2008-04-17 12:44 6538067 -c--a-w- c:\windows\system32\SRPFSig.dll
2008-06-21 11:08 . 2008-04-17 12:44 623157 -c--a-w- c:\windows\system32\SRPESig.dll
2008-06-20 17:46 . 2004-08-03 21:56 245248 ----a-w- c:\windows\system32\mswsock.dll
2008-06-20 11:51 . 2004-08-03 20:14 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2008-06-20 11:40 . 2004-08-03 20:14 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2008-06-20 11:08 . 2004-08-03 20:07 225856 -c--a-w- c:\windows\system32\drivers\tcpip6.sys
2008-06-13 11:05 . 2008-07-15 17:21 272128 ----a-w- c:\windows\system32\drivers\bthport.sys
2008-05-09 10:53 . 2004-08-03 21:56 90112 ----a-w- c:\windows\system32\wshext.dll
2008-05-09 10:53 . 2004-08-03 21:56 430080 ----a-w- c:\windows\system32\vbscript.dll
2008-05-09 10:53 . 2004-08-03 21:56 172032 -c--a-w- c:\windows\system32\scrrun.dll
2008-05-09 10:53 . 2004-08-03 21:56 180224 ----a-w- c:\windows\system32\scrobj.dll
2008-05-08 14:02 . 2001-08-23 12:00 203136 -c--a-w- c:\windows\system32\drivers\rmcast.sys
2008-05-08 11:24 . 2004-08-03 21:56 155648 ----a-w- c:\windows\system32\wscript.exe
2008-05-07 09:07 . 2004-08-03 21:56 135168 -c--a-w- c:\windows\system32\cscript.exe
2008-05-07 05:12 . 2004-08-03 21:56 1288192 ----a-w- c:\windows\system32\quartz.dll
2008-04-14 15:59 . 2001-08-23 19:00 1384479 --sha-r- c:\windows\system32\MSVBVM60.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2008-11-26 15:05 204248 ----a-w- c:\program files\Hotspot Shield\HssIE\HssIE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3955040]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-06 198160]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"SiteAdvisor"="c:\program files\SiteAdvisor\6173\SiteAdv.exe" [2007-08-28 36640]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Canon LASER SHOT LBP-1120 Status Window.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Canon LASER SHOT LBP-1120 Status Window.LNK
backup=c:\windows\pss\Canon LASER SHOT LBP-1120 Status Window.LNKCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Canon LASER SHOT LBP-1120 ھ¬؛Aµّµ،.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Canon LASER SHOT LBP-1120 ھ¬؛Aµّµ،.LNK
backup=c:\windows\pss\Canon LASER SHOT LBP-1120 ھ¬؛Aµّµ،.LNKCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Arovax AntiSpyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWN2
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\الإسطوآآنة الخرآفية\\الجوال\\NokiaSoftwareUpdaterSetup_en.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Nokia\\Nokia PC Suite 7\\PCSuite.exe"=
"c:\\Program Files\\ESET\\ESET Smart Security\\egui.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\MSACCESS.EXE"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=
"c:\\Documents and Settings\\خالد\\Desktop\\كاسبر\\kav8.0.0.506en.exe"=
"d:\\1430.8.5\\MdinahForce_Net.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\MdinahForce.exe"=
"c:\\PROGRA~1\\mcafee\\msc\\mcshell.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CAP3LAK.EXE"=
"c:\\Program Files\\SiteAdvisor\\6173\\SiteAdv.exe"=
"c:\\PROGRA~1\\COMMON~1\\McAfee\\INSTAL~1\\mcinst.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [28/09/2008 11:57 م 28544]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [01/07/2008 09:04 ص 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [01/07/2008 09:02 ص 468224]
S2 gupdate1c9e16c4c55f72;خدمة تحديث Google (gupdate1c9e16c4c55f72);c:\program files\Google\Update\GoogleUpdate.exe [31/05/2009 12:17 ص 133104]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\DRIVERS\br3gmdm.sys --> c:\windows\system32\DRIVERS\br3gmdm.sys [?]
S3 NSPacket;NextSecurity Packet Driver;c:\windows\system32\drivers\nspacket.sys [05/10/2008 01:46 م 32768]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [03/10/2008 10:44 م 332928]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
S3 WZCOOK;WEP/WPA-PMK key recovery service; [x]
.
Contents of the 'Scheduled Tasks' folder
2008-08-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-30 21:15]
2008-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 21:17]
2008-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 21:17]
2008-08-02 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-08-02 10:32]
2008-08-02 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-08-02 10:32]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-www.cproxy - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.googel.com./
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {9CE73426-1E7C-423E-AD30-3D7CD911B145} - hxxp://operations.icdlgcc.com/atsdemo/arabic/ats/ActiveXATS.CAB
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-08-03 16:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-527237240-1454471165-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*t*t* \OpenWithList]
@Class="Shell"
"a"="msnmsgr.exe"
"MRUList"="a"
[HKEY_USERS\S-1-5-21-527237240-1454471165-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*n*b*u*)* \OpenWithList]
@Class="Shell"
"a"="ContentCopier.exe"
"MRUList"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3384)
c:\program files\SiteAdvisor\6173\saHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2008-08-03 16:33
ComboFix-quarantined-files.txt 2008-08-03 13:33
Pre-Run: 23,765,524,480 bytes free
Post-Run: 24,324,440,064 bytes free
340 --- E O F --- 2008-08-09 14:18
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:35:21 م, on 03/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\CAP3RSK.EXE
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\SiteAdvisor\6173\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\خالد\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_19\bin\npjpi142_19.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_19\bin\npjpi142_19.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {9CE73426-1E7C-423E-AD30-3D7CD911B145} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: خدمة تحديث Google (gupdate1c9e16c4c55f72) (gupdate1c9e16c4c55f72) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6173\SAService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) -
--
End of file - 8774 bytes
 
Dear brother, here are the tool's report and the second report, from HijackThis.
For your information, it did not restart and did not ask for a restart; the report appeared right away.
 
My dear, you have three security programs installed??

Uninstall all of them and install just one again >>>> preferably Kaspersky.


And delete these entries:

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) -

O16 - DPF: {9CE73426-1E7C-423E-AD30-3D7CD911B145} -

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/244E~1/LOCALS~1/...p_image002.gif


=======
Removal method:

[link hidden by the forum]

=================================

Use this tool for cleaning:

[link hidden by the forum]



 
Signature: فارس الملاك