• Thread starter: fahd
Status: Closed and not open for further replies.
Peace be upon you
If you would be so kind, Fuhaidan (please, don't turn me down)
Have a look at my report
=====================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 07:06:05 AM, on 18/11/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Flock\flock.exe
C:\Program Files\Wyzo\wyzo.exe
C:\Program Files\Wyzo\plugin-container.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com
C:\Windows\system32\msfeedssync.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\Zain e-GO\Zain e-GO\Zain e-GO.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: &لوحة مفاتيح ظاهرية - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: فحص عناوين المواقع (URL) - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: خدمة تحديث Google (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: خدمة Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 6022 bytes

=========================


What else is needed?
 

My dear brothers,
Reports are to be posted in the section designated for them, which is

See the following image

9bf9a1266ab6673b1669a375ba766d8d.png



 
Signature: fahd
This is my report, and God willing you will reply to me at the earliest opportunity, OK :ok:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:35 ص, on 20/11/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\kuz\My Documents\Downloads\HiJackThis.exe

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [GSISETUP] E:\Driver\DSL-20~2\setup.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: خدمة تحديث Google (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: خدمة Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 5886 bytes
 
Peace be upon you. After trying the tool, I wanted to post the report for you.

*********** HijackThis report ***********
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:17:26 م, on 21/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\netcut\services\AIPS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\netcut\netcut.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\مجلدغريب\Apocalypse143\Apocalypse143\Client.exe
C:\WINDOWS\System32\NOTEPAD.EXE
C:\Documents and Settings\عمر\My Documents\Downloads\Compressed\مجلد جديد (4)\Zyzoom_Report_Tool.exe
C:\DOCUME~1\2A0D~1\LOCALS~1\Temp\Ht.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: 190.168.1.3 alani230.no-ip.biz
O1 - Hosts: 190.168.1.3 alani230.no-ip.biz
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [srv32win] C:\Program Files\NetServer\netserve.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Pro] 0
O4 - HKCU\..\Run: [srv32win] C:\Program Files\NetServer\netserve.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O23 - Service: Arp Intelligent Protection Service (AIPS) - Arcai.com - C:\Program Files\netcut\services\AIPS.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 6734 bytes


*********** System registry report ***********

"Silent Runners.vbs", revision 60,

Operating System: Windows XP SP3
Search enabled of all directories on local fixed drives for DESKTOP.INI
DLL launch points
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"IDMan" = "C:\Program Files\Internet Download Manager\IDMan.exe /onboot" ["Tonec Inc."]
"Wisdom-soft AutoScreenRecorder 3.1 Pro" = "0" [file not found]
"srv32win" = "C:\Program Files\NetServer\netserve.exe" ["Retina-X Studios, LLC"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"TkBellExe" = ""C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot" ["RealNetworks, Inc."]
"avgnt" = ""C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min" ["Avira Operations GmbH & Co. KG"]
"SunJavaUpdateSched" = ""C:\Program Files\Common Files\Java\Java Update\jusched.exe"" ["Sun Microsystems, Inc."]
"srv32win" = "C:\Program Files\NetServer\netserve.exe" ["Retina-X Studios, LLC"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{0055C089-8582-441B-A0BF-17B458C2A3A8}\(Default) = "IDM Helper"
-> {HKLM...CLSID} = "IDM integration (IDMIEHlprObj Class)"
\InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMIECC.dll" ["Internet Download Manager, Tonec Inc."]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "مساعد تسجيل الدخول إلى Windows Live"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = (no title provided)
-> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]

{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Hotspot Shield Class"
\InProcServer32\(Default) = "C:\Program Files\Hotspot Shield\HssIE\HssIE.dll" ["AnchorFree Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

IDM Shell Extension\(Default) = "{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
-> {HKLM...CLSID} = "IDM Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMShellExt.dll" ["Tonec Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "ملحق Display Panning CPL"
-> {HKLM...CLSID} = "ملحق Display Panning CPL"
\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

"{CDC95B92-E27C-4745-A8C5-64A52A78855D}" = "IDM Shell Extension"
-> {HKLM...CLSID} = "IDM Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMShellExt.dll" ["Tonec Inc."]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]

"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira Operations GmbH & Co. KG"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "أجهزة التوصيل والتشغيل العالمي"
-> {HKLM...CLSID} = "أجهزة التوصيل والتشغيل العالمي"
\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> livecall\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL" [MS]

<<!>> msnim\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira Operations GmbH & Co. KG"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

igfxcui\(Default) = "{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}"
-> {HKLM...CLSID} = "GraphicsShellExt Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\igfxpph.dll" ["Intel Corporation"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira Operations GmbH & Co. KG"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoSMHelp" = (REG_DWORD) dword:0x00000001
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove Help menu from Start Menu}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\عمر\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

GOMPlayDVDOnArrival\
"Provider" = "GOM Player"
"InvokeProgID" = "GomPlayer.DVD"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\GomPlayer.DVD\shell\open\command\(Default) = ""C:\Program Files\GRETECH\GomPlayer\GOM.exe" /open "%1"" ["Gretech Corp."]

GOMPlayMediaOnArrival\
"Provider" = "GOM Player"
"InvokeProgID" = "GomPlayer.MediaFile"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\GomPlayer.MediaFile\shell\open\command\(Default) = ""C:\Program Files\GRETECH\GomPlayer\GOM.exe" /open "%1"" ["Gretech Corp."]
HKLM\SOFTWARE\Classes\GomPlayer.MediaFile\shell\open\DropTarget\CLSID = "{D0F0AD6B-ECCC-401E-8E71-C4363D41399C}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = "C:\PROGRA~1\GRETECH\GOMPLA~1\GOM.exe" ["Gretech Corp."]

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

RPCDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.CDBurn.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]

RPDeviceOnArrival\
"Provider" = "RealPlayer"
"ProgID" = "RealPlayer.HWEventHandler"
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"
-> {HKLM...CLSID} = "RealNetworks Scheduler"
\LocalServer32\(Default) = ""C:\Program Files\Real\RealPlayer\Update\realsched.exe" -autoplay" ["RealNetworks, Inc."]

RPDVDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVDBurn.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.DVDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burndvd "%1"" ["RealNetworks, Inc."]

RPPlayCDAudioOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AudioCD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]

RPPlayDVDMovieOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]

RPPlayMediaOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AutoPlay.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]


DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------

C:\WINDOWS\Offline Web Pages\DESKTOP.INI
[.ShellClassInfo]
CLSID={F5175861-2688-11d0-9C5E-00AA00A45957}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS]


Enabled Scheduled Tasks:
------------------------

"RealUpgradeLogonTaskS-1-5-21-1801674531-606747145-1644491937-1001" -> launches: "C:\Program Files\Real\RealUpgrade\realupgrade.exe /logoncheck" ["RealNetworks, Inc."]
"RealUpgradeScheduledTaskS-1-5-21-1801674531-606747145-1644491937-1001" -> launches: "C:\Program Files\Real\RealUpgrade\realupgrade.exe /scheduledcheck" ["RealNetworks, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]


HOSTS file
----------

C:\WINDOWS\System32\drivers\etc\HOSTS

maps: 3 domain names to IP addresses,
2 of the IP addresses are *not* localhost!


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Arp Intelligent Protection Service, AIPS, "C:\Program Files\netcut\services\AIPS.exe" ["Arcai.com"]
Avira Realtime Protection, AntiVirService, ""C:\Program Files\Avira\AntiVir Desktop\avguard.exe"" ["Avira Operations GmbH & Co. KG"]
Avira Scheduler, AntiVirSchedulerService, ""C:\Program Files\Avira\AntiVir Desktop\sched.exe"" ["Avira Operations GmbH & Co. KG"]
Hotspot Shield Monitoring Service, HssWd, "C:\Program Files\Hotspot Shield\bin\hsswd.exe -product HSS" [null data]
Hotspot Shield Routing Service, HssSrv, "C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe" ["AnchorFree Inc."]
Hotspot Shield Service, hshld, "C:\Program Files\Hotspot Shield\bin\openvpnas.exe" [null data]
Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."]


---------- (launch time: 2011-11-21 21:17:30)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 34 seconds.
---------- (total run time: 71 seconds)


*********** جميع عمليات الذاكرة ***********

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\netcut\services\AIPS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\netcut\netcut.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\مجلدغريب\Apocalypse143\Apocalypse143\Client.exe
C:\WINDOWS\System32\NOTEPAD.EXE
C:\Documents and Settings\عمر\My Documents\Downloads\Compressed\مجلد جديد (4)\Zyzoom_Report_Tool.exe


*********** عمليات الذاكره الغير موقعه رقميا _ بدون عمليات النظام _ ***********

C:\Program Files\netcut\services\AIPS.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\netcut\netcut.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\No-IP\DUC20.exe
D:\مجلدغريب\Apocalypse143\Apocalypse143\Client.exe
C:\WINDOWS\System32\NOTEPAD.EXE
C:\Documents and Settings\عمر\My Documents\Downloads\Compressed\مجلد جديد (4)\Zyzoom_Report_Tool.exe


*********** المجلدات والملفات التي تم انشاؤها في آخر شهر ***********






---------------------------------------------------------------------

This Report Created By Zyzoom.org Tools & Silent Runners & HijackThis
 
May God bless you.
 
May God bless you for the explanation.
 
May God bless you and reward you with good.

With your permission, I would like to add a small piece of information

regarding this file, SYSTEM.INI.

It was tested on:
Windows XP -------> result: CGA40WOA.FON= CGA40850.FON

Windows 7 -------> result: CGA40WOA.FON= CGA40WOA.FON

Note that the machine was scanned with all the anti-spyware and protection programs and no infection was found.
The outbound connections and processes on the machine were also monitored and reports were taken, and they were clean.

As for checking whether a connected spyware file is present, the solution is simple
for those who are wary of installing programs.

Close all programs / browser - messaging
The reason: to narrow things down more precisely

Most importantly, the Internet connection must be active

(( Start )), then (( Run )), then type (( CMD )), then (( NETSTAT -ANO )), then press (( Enter ))


(( START )) (( RUN )) ((CMD)) (( NETSTAT -ANO ))

The screenshot in detail



Number 1 / the command entered
Number 2 / the connected external IP + the port
Number 3 / the ID of the connected process

What matters:

The connected external IP + the port
The ID of the connected process
Knowing the dangerous ports, to identify things faster

(( For example )) a spyware file for the Bifrost program is present on the machine and connected on port 81

It will appear in this list. To find the source file that is connected, we note the process ID
and then look for it in
Task Manager - Processes - from the top bar choose View - Select Columns - tick the PID option

and search for the ID we found

Note: some patches are hidden from the list, but there are many programs for such tasks

Security warning: do not download such programs at random; look for a trusted source.
The forum has many threads dedicated to such programs.

Clarification: if you want the command to refresh continuously, just type

NETSTAT -ANO 5
You can change the number 5 to any number that suits you; it refreshes the list every five seconds

There is also the command

NETSTAT -B
It shows you the connections of the connected processes, in case you want to be more precise

Good luck
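The lookup described in the post above (remote IP and port from NETSTAT -ANO, then the PID matched to a process name), as an added example that is not part of the original thread. The netstat and tasklist text, the addresses and the process names are constructed samples, and the function names are hypothetical.

```python
import csv
import io
import ipaddress

# Constructed sample of `netstat -ano` output (documentation-range addresses).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    127.0.0.1:5354         127.0.0.1:49160        ESTABLISHED     1520
  TCP    192.168.1.10:49201     203.0.113.7:81         ESTABLISHED     3344
  TCP    192.168.1.10:49210     198.51.100.20:443      ESTABLISHED     2216
  TCP    192.168.1.10:49215     198.51.100.20:443      TIME_WAIT       0
  UDP    0.0.0.0:500            *:*                                    892
"""
# Constructed sample of `tasklist /fo csv /nh` output; process names are made up.
TASKLIST = '''\
"svchost.exe","892","Services","0","9,100 K"
"firefox.exe","2216","Console","1","150,000 K"
"unknown.exe","3344","Console","1","4,200 K"
'''

def external_connections(netstat_text):
    """Return (pid, remote_ip, remote_port) for established TCP sessions to other hosts."""
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        # Data rows have 5 fields; headers, UDP rows and listeners are skipped.
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue
        host, _, port = f[2].rpartition(":")   # rpartition also handles [IPv6]:port
        ip = ipaddress.ip_address(host.strip("[]").split("%")[0])
        if ip.is_loopback or ip.is_unspecified:
            continue                           # local-only traffic is not "external"
        found.append((int(f[4]), str(ip), int(port)))
    return found

def pid_names(tasklist_csv):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(tasklist_csv)) if r}

def report(netstat_text, tasklist_csv):
    """Join both outputs: (image_name, pid, remote_ip, remote_port) per connection."""
    names = pid_names(tasklist_csv)
    return [(names.get(pid, "?"), pid, ip, port)
            for pid, ip, port in external_connections(netstat_text)]

if __name__ == "__main__":
    for name, pid, ip, port in report(NETSTAT, TASKLIST):
        print(f"{name:<15} PID {pid:<6} -> {ip}:{port}")
```

On a live machine, save the output of `netstat -ano` and `tasklist /fo csv /nh` to text files and pass their contents to `report()`.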
 
The method is definitely incorrect. Simply, to make sure: right after first formatting the computer and before installing any programs, go in as explained earlier and you will see that the same information that indicates the presence of viruses is there.
 
:no::no: Sorry, brothers
Honestly I got lost and couldn't do any of them :b::b:
And thanks to the dear brother
 
May God reward you with all good ~
 
May God reward you with good for this valuable information
 
Could you tell me in which section I should put my post with the required reports? I mean, do I have to put it in a new thread?
 
Very nice information. May God guide you to all that is good
 
Sound words, brother Fahd


May God reward you with good
 
Signature: احساس شايب
May God give you good health, Fahd. May God bless your efforts and raise your standing
 
May God give you good health,
 