moad3

Peace be upon you.

For a few days now my machine has felt sluggish, and I feel like someone is strolling around inside it :d:

and doing burnouts

So I thought I'd go into DOS and get you the output of the netstat command.

Here it is:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\server>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP 3DOOLY:http 123spywar.com:0 LISTENING
TCP 3DOOLY:epmap 123spywar.com:0 LISTENING
TCP 3DOOLY:microsoft-ds 123spywar.com:0 LISTENING
TCP 3DOOLY:1110 123spywar.com:0 LISTENING
TCP 3DOOLY:5938 123spywar.com:0 LISTENING
TCP 3DOOLY:19780 123spywar.com:0 LISTENING
TCP 3DOOLY:1031 localhost:1110 TIME_WAIT
TCP 3DOOLY:1032 123spywar.com:0 LISTENING
TCP 3DOOLY:1036 localhost:1110 TIME_WAIT
TCP 3DOOLY:1041 localhost:1110 TIME_WAIT
TCP 3DOOLY:1044 localhost:1110 TIME_WAIT
TCP 3DOOLY:1061 localhost:1110 TIME_WAIT
TCP 3DOOLY:1065 localhost:1110 TIME_WAIT
TCP 3DOOLY:1071 localhost:1110 TIME_WAIT
TCP 3DOOLY:1085 localhost:1110 TIME_WAIT
TCP 3DOOLY:1088 localhost:1110 TIME_WAIT
TCP 3DOOLY:1091 localhost:1110 TIME_WAIT
TCP 3DOOLY:1110 localhost:1028 TIME_WAIT
TCP 3DOOLY:1110 localhost:1050 TIME_WAIT
TCP 3DOOLY:1110 localhost:1053 TIME_WAIT
TCP 3DOOLY:1110 localhost:1059 TIME_WAIT
TCP 3DOOLY:1110 localhost:1068 TIME_WAIT
TCP 3DOOLY:1110 localhost:1076 TIME_WAIT
TCP 3DOOLY:1110 localhost:1082 TIME_WAIT
TCP 3DOOLY:1110 localhost:1096 TIME_WAIT
TCP 3DOOLY:1110 localhost:1395 ESTABLISHED
TCP 3DOOLY:1110 localhost:1586 ESTABLISHED
TCP 3DOOLY:1110 localhost:2021 ESTABLISHED
TCP 3DOOLY:1110 localhost:2280 ESTABLISHED
TCP 3DOOLY:1110 localhost:3119 ESTABLISHED
TCP 3DOOLY:1110 localhost:3665 ESTABLISHED
TCP 3DOOLY:1110 localhost:3919 ESTABLISHED
TCP 3DOOLY:1110 localhost:4504 ESTABLISHED
TCP 3DOOLY:1110 localhost:4551 ESTABLISHED
TCP 3DOOLY:1110 localhost:4604 ESTABLISHED
TCP 3DOOLY:1110 localhost:4616 ESTABLISHED
TCP 3DOOLY:1110 localhost:4628 ESTABLISHED
TCP 3DOOLY:1110 localhost:4640 TIME_WAIT
TCP 3DOOLY:1110 localhost:4643 TIME_WAIT
TCP 3DOOLY:1110 localhost:4666 TIME_WAIT
TCP 3DOOLY:1110 localhost:4686 TIME_WAIT
TCP 3DOOLY:1110 localhost:4692 TIME_WAIT
TCP 3DOOLY:1110 localhost:4695 TIME_WAIT
TCP 3DOOLY:1110 localhost:4706 TIME_WAIT
TCP 3DOOLY:1110 localhost:4709 TIME_WAIT
TCP 3DOOLY:1110 localhost:4715 TIME_WAIT
TCP 3DOOLY:1110 localhost:4720 TIME_WAIT
TCP 3DOOLY:1110 localhost:4747 TIME_WAIT
TCP 3DOOLY:1110 localhost:4753 TIME_WAIT
TCP 3DOOLY:1110 localhost:4762 TIME_WAIT
TCP 3DOOLY:1110 localhost:4768 TIME_WAIT
TCP 3DOOLY:1110 localhost:4778 TIME_WAIT
TCP 3DOOLY:1110 localhost:4789 TIME_WAIT
TCP 3DOOLY:1110 localhost:4801 TIME_WAIT
TCP 3DOOLY:1110 localhost:4807 TIME_WAIT
TCP 3DOOLY:1110 localhost:4810 TIME_WAIT
TCP 3DOOLY:1110 localhost:4813 TIME_WAIT
TCP 3DOOLY:1110 localhost:4821 TIME_WAIT
TCP 3DOOLY:1110 localhost:4830 TIME_WAIT
TCP 3DOOLY:1110 localhost:4839 ESTABLISHED
TCP 3DOOLY:1110 localhost:4842 TIME_WAIT
TCP 3DOOLY:1110 localhost:4848 TIME_WAIT
TCP 3DOOLY:1110 localhost:4851 TIME_WAIT
TCP 3DOOLY:1110 localhost:4854 TIME_WAIT
TCP 3DOOLY:1110 localhost:4857 TIME_WAIT
TCP 3DOOLY:1110 localhost:4866 TIME_WAIT
TCP 3DOOLY:1110 localhost:4874 TIME_WAIT
TCP 3DOOLY:1110 localhost:4883 TIME_WAIT
TCP 3DOOLY:1110 localhost:4895 TIME_WAIT
TCP 3DOOLY:1110 localhost:4901 TIME_WAIT
TCP 3DOOLY:1110 localhost:4904 TIME_WAIT
TCP 3DOOLY:1110 localhost:4907 TIME_WAIT
TCP 3DOOLY:1110 localhost:4909 TIME_WAIT
TCP 3DOOLY:1110 localhost:4913 TIME_WAIT
TCP 3DOOLY:1110 localhost:4916 TIME_WAIT
TCP 3DOOLY:1110 localhost:4919 TIME_WAIT
TCP 3DOOLY:1110 localhost:4939 TIME_WAIT
TCP 3DOOLY:1110 localhost:4942 TIME_WAIT
TCP 3DOOLY:1110 localhost:4945 TIME_WAIT
TCP 3DOOLY:1110 localhost:4955 TIME_WAIT
TCP 3DOOLY:1110 localhost:4962 TIME_WAIT
TCP 3DOOLY:1110 localhost:4968 TIME_WAIT
TCP 3DOOLY:1110 localhost:4977 ESTABLISHED
TCP 3DOOLY:1110 localhost:4986 TIME_WAIT
TCP 3DOOLY:1110 localhost:4996 TIME_WAIT
TCP 3DOOLY:1395 localhost:1110 ESTABLISHED
TCP 3DOOLY:1560 localhost:1110 CLOSE_WAIT
TCP 3DOOLY:1586 localhost:1110 ESTABLISHED
TCP 3DOOLY:2021 localhost:1110 ESTABLISHED
TCP 3DOOLY:2280 localhost:1110 ESTABLISHED
TCP 3DOOLY:3119 localhost:1110 ESTABLISHED
TCP 3DOOLY:3665 localhost:1110 ESTABLISHED
TCP 3DOOLY:3919 localhost:1110 ESTABLISHED
TCP 3DOOLY:4504 localhost:1110 ESTABLISHED
TCP 3DOOLY:4551 localhost:1110 ESTABLISHED
TCP 3DOOLY:4604 localhost:1110 ESTABLISHED
TCP 3DOOLY:4616 localhost:1110 ESTABLISHED
TCP 3DOOLY:4628 localhost:1110 ESTABLISHED
TCP 3DOOLY:4649 localhost:1110 TIME_WAIT
TCP 3DOOLY:4668 localhost:1110 TIME_WAIT
TCP 3DOOLY:4672 localhost:1110 TIME_WAIT
TCP 3DOOLY:4675 localhost:1110 TIME_WAIT
TCP 3DOOLY:4680 localhost:1110 TIME_WAIT
TCP 3DOOLY:4689 localhost:1110 TIME_WAIT
TCP 3DOOLY:4698 localhost:1110 TIME_WAIT
TCP 3DOOLY:4701 localhost:1110 TIME_WAIT
TCP 3DOOLY:4718 localhost:1110 TIME_WAIT
TCP 3DOOLY:4724 localhost:1110 TIME_WAIT
TCP 3DOOLY:4733 localhost:1110 TIME_WAIT
TCP 3DOOLY:4736 localhost:1110 TIME_WAIT
TCP 3DOOLY:4741 localhost:1110 TIME_WAIT
TCP 3DOOLY:4749 localhost:1110 TIME_WAIT
TCP 3DOOLY:4759 localhost:1110 TIME_WAIT
TCP 3DOOLY:4763 localhost:1110 TIME_WAIT
TCP 3DOOLY:4774 localhost:1110 TIME_WAIT
TCP 3DOOLY:4777 localhost:1110 TIME_WAIT
TCP 3DOOLY:4786 localhost:1110 TIME_WAIT
TCP 3DOOLY:4792 localhost:1110 TIME_WAIT
TCP 3DOOLY:4795 localhost:1110 TIME_WAIT
TCP 3DOOLY:4798 localhost:1110 TIME_WAIT
TCP 3DOOLY:4804 localhost:1110 TIME_WAIT
TCP 3DOOLY:4818 localhost:1110 TIME_WAIT
TCP 3DOOLY:4824 localhost:1110 TIME_WAIT
TCP 3DOOLY:4827 localhost:1110 TIME_WAIT
TCP 3DOOLY:4836 localhost:1110 TIME_WAIT
TCP 3DOOLY:4839 localhost:1110 ESTABLISHED
TCP 3DOOLY:4845 localhost:1110 TIME_WAIT
TCP 3DOOLY:4860 localhost:1110 TIME_WAIT
TCP 3DOOLY:4869 localhost:1110 TIME_WAIT
TCP 3DOOLY:4877 localhost:1110 TIME_WAIT
TCP 3DOOLY:4886 localhost:1110 TIME_WAIT
TCP 3DOOLY:4889 localhost:1110 TIME_WAIT
TCP 3DOOLY:4892 localhost:1110 TIME_WAIT
TCP 3DOOLY:4922 localhost:1110 TIME_WAIT
TCP 3DOOLY:4931 localhost:1110 TIME_WAIT
TCP 3DOOLY:4934 localhost:1110 TIME_WAIT
TCP 3DOOLY:4958 localhost:1110 TIME_WAIT
TCP 3DOOLY:4964 localhost:1110 TIME_WAIT
TCP 3DOOLY:4971 localhost:1110 TIME_WAIT
TCP 3DOOLY:4974 localhost:1110 TIME_WAIT
TCP 3DOOLY:4977 localhost:1110 ESTABLISHED
TCP 3DOOLY:4991 localhost:1110 TIME_WAIT
TCP 3DOOLY:netbios-ssn 123spywar.com:0 LISTENING
TCP 3DOOLY:1095 dsldevice.lan:http ESTABLISHED
TCP 3DOOLY:1098 209.225.0.101:http CLOSE_WAIT
TCP 3DOOLY:1127 199.106.234.115:17782 ESTABLISHED
TCP 3DOOLY:1241 64.40.12.19:27782 ESTABLISHED
TCP 3DOOLY:1397 ads.web.aol.com:http ESTABLISHED
TCP 3DOOLY:1588 ads.web.aol.com:http ESTABLISHED
TCP 3DOOLY:2023 74.201.94.42:http ESTABLISHED
TCP 3DOOLY:2226 vhi-prepcart2.usc.edu:5938 ESTABLISHED
TCP 3DOOLY:2282 74.201.94.42:http ESTABLISHED
TCP 3DOOLY:2486 89.108.20.103:64208 ESTABLISHED
TCP 3DOOLY:3121 208.70.8.27:http ESTABLISHED
TCP 3DOOLY:3667 208.70.8.27:http ESTABLISHED
TCP 3DOOLY:3921 mk-in-f127.google.com:http ESTABLISHED
TCP 3DOOLY:4507 fx-in-f166.google.com:http ESTABLISHED
TCP 3DOOLY:4553 fx-in-f166.google.com:http ESTABLISHED
TCP 3DOOLY:4606 [hidden link: you must log in or register to view it] ESTABLISHED
TCP 3DOOLY:4618 [hidden link: you must log in or register to view it] ESTABLISHED
TCP 3DOOLY:4630 mk-in-f127.google.com:http ESTABLISHED
TCP 3DOOLY:4659 mk-in-f127.google.com:http TIME_WAIT
TCP 3DOOLY:4776 168.75.68.97:http TIME_WAIT
TCP 3DOOLY:4841 79.140.80.88:http ESTABLISHED
TCP 3DOOLY:4871 168.75.68.97:http TIME_WAIT
TCP 3DOOLY:4949 by2msg1043502.gateway.edge.messenger.live.com:1863 ESTABLISHED
TCP 3DOOLY:4960 by2msg1104015.phx.gbl:1863 ESTABLISHED
TCP 3DOOLY:4980 79.140.80.17:http ESTABLISHED
UDP 3DOOLY:microsoft-ds *:*
UDP 3DOOLY:isakmp *:*
UDP 3DOOLY:1025 *:*
UDP 3DOOLY:1095 *:*
UDP 3DOOLY:1202 *:*
UDP 3DOOLY:1243 *:*
UDP 3DOOLY:1244 *:*
UDP 3DOOLY:1254 *:*
UDP 3DOOLY:4500 *:*
UDP 3DOOLY:5938 *:*
UDP 3DOOLY:ntp *:*
UDP 3DOOLY:1048 *:*
UDP 3DOOLY:1064 *:*
UDP 3DOOLY:1104 *:*
UDP 3DOOLY:1130 *:*
UDP 3DOOLY:1208 *:*
UDP 3DOOLY:1900 *:*
UDP 3DOOLY:discard *:*
UDP 3DOOLY:ntp *:*
UDP 3DOOLY:netbios-ns *:*
UDP 3DOOLY:netbios-dgm *:*
UDP 3DOOLY:1900 *:*
UDP 3DOOLY:6923 *:*
UDP 3DOOLY:13310 *:*
UDP 3DOOLY:15635 *:*
UDP 3DOOLY:42008 *:*
C:\Documents and Settings\server>


 

Signature: moad3
Download this tool and save it to the desktop:
[hidden link: you must log in or register to view it]


When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes

Wait until the tool finishes scanning your machine; your machine will then restart automatically,
and after the restart the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.

--------------------------------------------

( 2 )

And make a HiJack report:
[hidden link: you must log in or register to view it]


When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments a report will appear; copy it and paste it in your next reply.
 
Thanks, brother Bouh.
But my question is:

did anything stand out to you from what is above?

And thanks.
 
Signature: moad3
Whoa, ten intruders in your machine ... :d:
and they're doing burnouts too
...
When you do this procedure, close all the programs you are working in,
and Explorer.

And do what Bob told you so that we can find out whether your machine is compromised or not ..:king:
 
Signature: KinXG BlacK
OK, thank you very much.

This is the report from the first program:

ComboFix 08-06-20.4 - server 06/29/2008 17:36:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.2522 [GMT 3:00]
Running from: C:\Documents and Settings\server\سطح المكتب\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 14:47 44,726,560 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-29 14:46 1,819,424 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-29 14:30 612,908 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-29 14:30 176,648 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-29 14:15 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-06-29 08:05 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-28 19:59 --------- d-----w C:\Program Files\Recuva
2008-06-28 19:39 --------- d-----w C:\Program Files\BoomerangDR
2008-06-28 18:35 --------- d-----w C:\Program Files\Al Sala 1.0
2008-06-24 13:24 --------- d-----w C:\Program Files\HiChatter Messenger
2008-06-22 16:33 --------- d-----w C:\Program Files\TeamViewer3
2008-06-21 08:37 --------- d-----w C:\Documents and Settings\server\Application Data\Avant Profiles
2008-06-18 17:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2008-06-18 06:58 --------- d-----w C:\Documents and Settings\server\Application Data\DMCache
2008-06-17 14:28 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2008-06-17 09:19 --------- d-----w C:\Program Files\Avant Browser
2008-06-16 15:43 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-16 15:42 --------- d-----w C:\Program Files\GameSpy Arcade
2008-06-16 15:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-16 15:30 --------- d-----w C:\Program Files\Firefly Studios
2008-06-16 08:17 --------- d-----w C:\Program Files\AskPBar
2008-06-15 18:05 --------- d-----w C:\Program Files\Alcohol Soft
2008-06-14 17:49 --------- d-----w C:\Program Files\Tweak Marketing
2008-06-14 17:49 --------- d-----w C:\Program Files\Elecard
2008-06-14 16:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-14 16:04 --------- d-----w C:\Program Files\Google
2008-06-13 16:42 --------- d-----w C:\Program Files\FlashGet
2008-06-12 15:48 --------- d-----w C:\Documents and Settings\server\Application Data\uTorrent
2008-06-10 16:01 --------- d-----w C:\Program Files\PowerArchiver
2008-06-08 08:37 --------- d-----w C:\Program Files\The KMPlayer1431
2008-06-08 07:31 --------- d-----w C:\Documents and Settings\server\Application Data\CyberScrub
2008-06-08 07:27 --------- d-----w C:\Documents and Settings\server\Application Data\cleaner
2008-06-08 07:20 --------- d-----w C:\Program Files\Hotspot Shield
2008-06-06 18:20 --------- d-----w C:\Program Files\RightMark3DSound
2008-06-04 15:56 --------- d-----w C:\Documents and Settings\server\Application Data\Steganos VPN
2008-06-04 15:44 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-06-03 14:39 --------- d-----w C:\Program Files\VMNetSrv
2008-06-03 07:51 --------- d-----w C:\Program Files\zyzoom
2008-06-03 07:51 --------- d-----w C:\Program Files\Conduit
2008-06-01 15:52 --------- d-----w C:\Documents and Settings\server\Application Data\upeggslog
2008-06-01 15:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Mags Mapi Joy Bike
2008-06-01 15:51 --------- d-----w C:\Program Files\upeggslog
2008-06-01 15:50 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-01 14:43 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-30 15:39 --------- d-----w C:\Documents and Settings\server\Application Data\Ulead Systems
2008-05-30 15:12 --------- d-----w C:\Program Files\Zoom Player
2008-05-30 14:08 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SmartSound Software Inc
2008-05-29 16:20 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-05-29 16:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\InterVideo
2008-05-29 16:19 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-05-29 16:18 --------- d-----w C:\Program Files\Ulead Systems
2008-05-28 15:13 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-28 15:13 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-28 07:30 --------- d-----w C:\Documents and Settings\server\Application Data\CoSoSys
2008-05-27 14:38 --------- d-----w C:\Program Files\MSBuild
2008-05-27 14:38 --------- d-----w C:\Program Files\Microsoft Works
2008-05-23 16:37 --------- d-----w C:\Program Files\MathType
2008-05-23 16:37 --------- d-----w C:\Documents and Settings\server\Application Data\Design Science
2008-05-22 16:38 --------- d-----w C:\Program Files\Easy Video Downloader
2008-05-17 19:17 --------- d-----w C:\Program Files\Common Files\Rtools
2008-05-16 13:41 720,896 -c--a-w C:\WINDOWS\iun6002.exe
2008-05-15 18:49 --------- d-----w C:\Program Files\Acme Photo ScreenSaver Maker
2008-05-15 17:02 4,881,405 ----a-w C:\WINDOWS\system32\شاشة توقف الخادم 2008.Scr
2008-05-15 15:49 --------- d-----w C:\Documents and Settings\server\Application Data\U3
2008-05-15 13:09 --------- d-----w C:\Program Files\Paltalk Messenger
2008-05-04 08:22 --------- d-----w C:\Program Files\MultipleIEs
2008-05-04 08:21 --------- d-----w C:\Program Files\MSECache
2008-05-04 06:30 --------- d-----w C:\Program Files\Any Video Converter Professional
2008-05-02 13:10 --------- d-----w C:\Program Files\Mass-email Express
2008-04-29 19:49 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AVM Web Client
2008-04-29 09:32 --------- d-----w C:\Documents and Settings\server\Application Data\Genie-Soft
2008-04-29 09:31 --------- d-----w C:\Program Files\Genie-Soft
2008-04-28 17:18 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\TechSmith
2008-04-28 17:11 --------- d-----w C:\Program Files\TechSmith
2008-04-28 17:11 --------- d-----w C:\Program Files\Common Files\TechSmith Shared
2008-04-14 10:29 156,672 ----a-w C:\WINDOWS\system32\SET1F.tmp
2008-04-10 17:54 87,608 ----a-w C:\Documents and Settings\server\Application Data\ezpinst.exe
2008-04-10 17:54 47,360 ----a-w C:\Documents and Settings\server\Application Data\pcouffin.sys
.
Code:
<pre>
----a-w         6,888,535 2005-09-10 11:03:42  C:\Documents and Settings\server\سطح المكتب\فلاش 4 جيجا بتاريخ 23-3-1429هـ\flash\بعد الفورمات\برنامج اسيل للنسخ ( الاصدار الجديد )\اسيل الجديد .exe
----a-w         6,888,535 2006-06-24 21:50:42  C:\Documents and Settings\server\سطح المكتب\فلاش 4 جيجا بتاريخ 23-3-1429هـ\SERVERr\برامج النسخ\برنامج اسيل للنسخ\اسيل الجديد .exe
----a-w           572,055 2004-02-12 06:37:16  C:\Documents and Settings\server\سطح المكتب\فلاش 4 جيجا بتاريخ 23-3-1429هـ\فلاش منوَّع\إلى القرآن .exe
</pre>

((((((((((((((((((((((((((((( snapshot@Sun 06-29-2008_17.26.08.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-28 18:34:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-29 14:31:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-29 14:14:18 16,384 -csha-w C:\WINDOWS\system32\config\systemprofile\s\index.dat
+ 2008-06-29 14:29:59 16,384 -csha-w C:\WINDOWS\system32\config\systemprofile\s\index.dat
- 2008-06-29 14:14:18 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-29 14:29:59 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-06-28 18:39:30 82,876 ----a-w C:\WINDOWS\system32\perfc001.dat
+ 2008-06-29 14:36:32 82,876 ----a-w C:\WINDOWS\system32\perfc001.dat
- 2008-06-28 18:39:31 82,812 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-29 14:36:32 82,812 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-28 18:39:31 404,998 ----a-w C:\WINDOWS\system32\perfh001.dat
+ 2008-06-29 14:36:32 404,998 ----a-w C:\WINDOWS\system32\perfh001.dat
- 2008-06-28 18:39:31 475,176 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-29 14:36:32 475,176 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"HiChatter"="C:\Program Files\HiChatter Messenger\HiChater.exe" [06/10/2008 11:54 PM 3101696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/23/2008 04:22 PM 185896]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [04/13/2008 02:13 PM 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [09/19/2001 05:00 PM 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/13/2008 02:13 PM 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [04/13/2008 02:13 PM 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [04/13/2008 02:13 PM 455168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [11/09/2006 05:15 PM 1634304]
C:\Documents and Settings\All Users.WINDOWS\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
BTTray.lnk - C:\Program Files\MSI\Bluetooth Software\BTTray.exe [2004-03-31 17:13:32 507965]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
"DisableRegedit"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"= 0 (0x0)
"NoDispScrSavPage"= 0 (0x0)
"NoDispSettingsPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll 07/22/2006 11:49 PM 5376 C:\WINDOWS\system32\antiwpa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 05/25/2007 03:22 PM 63040 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.divxa32"= msaud32_divx.acm
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^قائمة ابدأ^البرامج^بدء التشغيل^cafe.lnk]
backup=C:\WINDOWS\pss\cafe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^قائمة ابدأ^البرامج^بدء التشغيل^Orbit.lnk]
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^قائمة ابدأ^البرامج^بدء التشغيل^PalStart.lnk]
backup=C:\WINDOWS\pss\PalStart.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^قائمة ابدأ^البرامج^بدء التشغيل^PalTalk.lnk]
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^قائمة ابدأ^البرامج^بدء التشغيل^SnagIt 8.lnk]
backup=C:\WINDOWS\pss\SnagIt 8.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^قائمة ابدأ^البرامج^بدء التشغيل^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^server^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^server^قائمة ابدأ^البرامج^بدء التشغيل^Ela-Salaty.lnk]
backup=C:\WINDOWS\pss\Ela-Salaty.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^server^قائمة ابدأ^البرامج^بدء التشغيل^cafe.lnk]
backup=C:\WINDOWS\pss\cafe.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^server^قائمة ابدأ^البرامج^بدء التشغيل^MSN Pictures Displayer.lnk]
backup=C:\WINDOWS\pss\MSN Pictures Displayer.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^server^قائمة ابدأ^البرامج^بدء التشغيل^خادم الجمل.lnk]
backup=C:\WINDOWS\pss\خادم الجمل.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AFProg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 12/18/2007 12:43 AM 227856 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CommCtr]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 08/04/2004 12:56 AM 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\curbreal]
--a------ 06/01/2008 06:51 PM 615424 C:\DOCUME~1\server\APPLIC~1\UPEGGS~1\KEEPCLOSE.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a------ 01/30/2007 05:50 PM 20480 C:\WINDOWS\FixCamera.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet]
--a--c--- 01/30/2007 06:11 AM 1554184 C:\Program Files\FlashGet\FlashGet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 10/27/2006 12:47 AM 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 01/13/2007 09:47 AM 163840 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 01/20/2008 09:17 PM 896256 C:\Program Files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 01/13/2007 09:47 AM 131072 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Joy Bike More City]
--a------ 06/02/2008 10:19 PM 617984 C:\Documents and Settings\All Users.WINDOWS\Application Data\Mags Mapi Joy Bike\ stop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Karen]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kav]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 10/18/2007 11:34 AM 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 07/09/2001 10:50 AM 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a--c--- 11/08/2006 01:27 PM 222208 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 01/13/2007 09:46 AM 135168 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerArchiver Tray]
--a------ 11/30/2007 06:08 PM 140328 C:\Program Files\PowerArchiver\PASTARTER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 10/22/2007 05:11 PM 155648 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\raVe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
-----c--- 01/08/2007 10:26 PM 68640 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RRT-Auto]
--a------ 03/24/2008 04:20 PM 254652 G:\برامج منوعه2005 على server2 (Pc1)\RRT\RRT.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a------ 07/30/2003 09:08 AM 143360 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
-ra--c--- 12/29/2004 01:01 AM 544768 C:\WINDOWS\sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startIE]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 09/25/2007 01:11 AM 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemInit]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 02/23/2008 04:22 PM 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB GATE]
--a------ 11/06/2007 10:25 AM 925696 C:\Program Files\USB GATE\USB GATE.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
--a--c--- 05/17/2006 02:23 PM 36864 C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--a------ 03/03/2007 02:12 PM 341488 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC7Player]
--a--c--- 04/04/2005 12:53 PM 233472 C:\Program Files\HHVcdV7Sys\VC7Play.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerbAce]
--a------ 03/24/2008 08:30 PM 139264 C:\Program Files\VerbAce\VerbAce.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win32BaseServiceMOD]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a--c--- 03/14/2007 06:21 PM 35328 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\X'nBeep]
--a--c--- 01/08/2007 10:43 PM 1067520 C:\Program Files\X'nBeep 1.1\XnBeep.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"G:\\برامج منوعه2005 على server2 (Pc1)\\برنامج تورنت رهيييييييييب من ناحية الحجم\\utorrent-1.1.2.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17879:TCP"= 17879:TCP:BitComet 17879 TCP
"17879:UDP"= 17879:UDP:BitComet 17879 UDP
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP المنفذ 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP المنفذ 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP المنفذ 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP المنفذ 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP المنفذ 37675
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [04/05/2007 11:55 AM]
R2 TeamViewer;TeamViewer 3;"C:\Program Files\TeamViewer3\TeamViewer_Host.exe" -service []
R2 VC7SecS;Virtual CD v7 Management Service;C:\Program Files\HHVcdV7Sys\VC7SecS.exe [03/02/2005 04:04 PM]
S1 vdrv7000;vdrv7000;C:\WINDOWS\system32\DRIVERS\vdrv7000.sys [01/31/2005 01:54 PM]
S2 CamelApache;CamelApache;"C:\camel\apache\apache.exe" --ntservice []
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [12/13/2007 01:28 PM]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [08/03/2005 12:10 AM]
S3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\system32\DRIVERS\snp325.sys []
S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [02/15/2007 08:48 PM]
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [12/16/2006 11:37 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc937c4f-2d9a-11dd-b987-0004761defdd}]
\Shell\AutoRun\command - H:\
\Shell\explore\Command - WScript.exe .\imgkulot.vbs
\Shell\open\Command - WScript.exe .\imgkulot.vbs
.
Contents of the 'Scheduled Tasks' folder
"2008-06-27 14:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-06-29 17:46:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 06/29/2008 17:49:48
ComboFix-quarantined-files.txt 2008-06-29 14:49:36
ComboFix2.txt 2008-06-29 14:26:49
Pre-Run: 6,508,482,560 bytes free
Post-Run: 6,488,756,224 bytes free
324
-----------------------

And this is the report from HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 05:51:44 م, on 29/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSI\Bluetooth Software\BTTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\MSI\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer3\TeamViewer_Host.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\HHVcdV7Sys\VC7SecS.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HiChatter] C:\Program Files\HiChatter Messenger\HiChater.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: إحصائيات مضاد فيروسات المواقع - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
O16 - DPF: {1B9B97D0-C0F4-4045-9B42-50A4535C9041} (WCLoaderCtl Class) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: CamelApache - Unknown owner - C:\camel\apache\apache.exe" --ntservice (file missing)
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe" -service (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - C:\Program Files\HHVcdV7Sys\VC7SecS.exe

Thank you

Signature: moad3
up

Signature: moad3
Delete these entries

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [INTERNATIONAL] International*


How to delete them




=================================​

Use this tool for cleanup



 
Signature: فارس الملاك
Thank you for your effort, brother فارس

Here is the report after that

Logfile of HijackThis v1.99.1
Scan saved at 09:08:24 م, on 29/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSI\Bluetooth Software\BTTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\MSI\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer3\TeamViewer_Host.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\HHVcdV7Sys\VC7SecS.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hjt\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HiChatter] C:\Program Files\HiChatter Messenger\HiChater.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: إحصائيات مضاد فيروسات المواقع - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
O16 - DPF: {1B9B97D0-C0F4-4045-9B42-50A4535C9041} (WCLoaderCtl Class) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: CamelApache - Unknown owner - C:\camel\apache\apache.exe" --ntservice (file missing)
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe" -service (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - C:\Program Files\HHVcdV7Sys\VC7SecS.exe


Also, could you please check, or reply to me, regarding the intrusion I mentioned at the start of the thread?

Signature: moad3
Your report is clean, my friend, but delete this entry

O11 - Options group: [INTERNATIONAL] International*

Regards

Signature: فارس الملاك
Regarding the intrusion

It's fine, brother, there is no intrusion or anything, because you have Kaspersky installed

And God willing, nothing will happen to you

Signature: فارس الملاك