حليت مشكله وطحت في مشاكل

ا

الازرق الجنوبي

زيزوومى فعال
إنضم
24 فبراير 2008
المشاركات
253
مستوى التفاعل
4
النقاط
330
الإقامة
الخبر
غير متصل
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


طبعا هذا موضوع كان لي قبل يومين عن مشكلة توقف جهازي او تجمده ولا لقينا حل نهائيا

الاخ ابو ريما

والاخ اعتزبك

بيض الله وجوههم قاموا باللازم واكثر ولكن الان انا طايح بمشكلة جديد جهازي بدون برنامج حماية

وانا صاحب موقع وخايف على جهازي <<<<لايكون انك صاحب موقع زيزوووم بس

طبعا بعد تفكير عميق واخذ ورد وانا افنتك مخي قلت يابو الشباب انت ابخص بجهازك المهم

مالكم بالطويلة قمت وحذفت ام الكاسبر الا جهازي كانه كان ملبوس بعففريت والله فكه منه اصبح جهازي تمام لاتعليق ولا تهنيق ولا هم يحزنون ...

ققمت ونصبت البرنامج من جديد:d:

الا الجهاز والنت لبسهم عفريتنا الاول المشكله الحين

1- النت لايتصل نهائي اذا بغيت اتصل بالنت حذفت الكاسبر

2- الجهاز يرجع له نفس التهنيق

برنامج الكاسبر انا ماخذه عن طريق شركة الاتصالات فانا مشترك بخدمة شامل وعندهم خدمة الكاسبر تحملة ومعه مفتاح اصلي ..

وش الحل يااخوان وهذا تقرير الهاي جاك..

هل ااستغني عن هالكاسبر واحمل برنامج ثاني

عسى تكونوا فهمتوا شيء

هذا التقرير بملف مضغوط..

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
 

ترتيب حسب التاريخ ترتيب حسب الأصوات
انسخ التقرير نسخ يالحبيب في الرد مش مضغوط
 
توقيع : format
تأييد 0
وهذا التقرير ياغالي

Logfile of HijackThis v1.99.1
Scan saved at 12:18:45, on 21/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
C:\Documents and Settings\basil net\Application Data\cleaner\Scheduler.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\TuneUp Utilities 2009\Integrator.exe
C:\Program Files\TuneUp Utilities 2009\DiskExplorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\basil net\Desktop\HijackThis.exe
C:\WINDOWS\system32\SNDVOL32.EXE

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Privacy Suite Scheduler] "C:\Documents and Settings\basil net\Application Data\cleaner\Scheduler.exe" /SYSTRAY
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Windows Search (WSearch) - Unknown owner - C:\WINDOWS\system32\SearchIndexer.exe (file missing)
 
تأييد 0
O4 - HKCU\..\Run: [Privacy Suite Scheduler] "C:\Documents and Settings\basil net\Application Data\cleaner\Scheduler.exe" /SYSTRAY

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)


O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)


O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
 
توقيع : format
تأييد 0
طريقة الحذف


mg%20%283%29.png



mg%20%284%29.png




نزل هذه الاداة واتبع الشرح التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


أو

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


او

التوافق : ويندوز اكسبي فقط

شرح الاستخدام ,,,,,,

عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )

i9141_11.png

i9142_22.png


وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))

i9143_33.png


 
التعديل الأخير بواسطة المشرف:
توقيع : format
تأييد 0
نزل هذه الاداة


يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى الصق التقرير بردك

ثم هايجك...................
 
التعديل الأخير بواسطة المشرف:
توقيع : format
تأييد 0
تسلم ياغالي وجاري تنفيذ المطلوب
 
تأييد 0
توقيع : format
تأييد 0
ComboFix 09-05-20.A1 - basil net 05/21/2009 17:10.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.1022.640 [GMT 3:00]
Running from: c:\documents and settings\basil net\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\rlservice.exe
c:\program files\RelevantKnowledge\rlvknlg.exe
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((( Files Created from 2009-04-21 to 2009-05-21 )))))))))))))))))))))))))))))))
.

2009-05-20 02:07 . 2009-05-20 02:07 -------- d-----w c:\program files\Kaspersky Lab
2009-05-19 02:44 . 2009-05-19 02:44 -------- d-----w C:\Temp
2009-05-19 02:10 . 2009-05-19 19:26 -------- d-----w c:\program files\a-squared Free
2009-05-18 21:39 . 2009-05-18 21:39 -------- d-----w c:\program files\CodeStuff
2009-05-18 20:57 . 2009-05-18 20:57 -------- d-----w c:\program files\Ask Search Assistant
2009-05-16 22:35 . 2009-05-16 22:35 -------- d-----w c:\documents and settings\basil net\Application Data\vlc
2009-05-16 02:42 . 2009-05-16 02:42 -------- d--h--w c:\windows\PIF
2009-05-15 06:15 . 2009-05-15 06:15 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Nokia
2009-05-15 06:12 . 2009-05-15 06:12 162840 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-15 05:09 . 2009-05-15 05:09 -------- d-----w c:\documents and settings\basil net\Local Settings\Application Data\Nokia
2009-05-15 05:08 . 2009-05-15 05:09 -------- d-----w c:\windows\Globalization
2009-05-15 05:06 . 2009-05-15 05:07 -------- d-----w c:\program files\Common Files\muvee Technologies
2009-05-14 00:09 . 2008-04-13 18:45 26112 ----a-w c:\windows\system32\drivers\usbser.sys
2009-05-14 00:08 . 2008-03-21 10:57 14640 ------w c:\windows\system32\spmsgXP_2k3.dll
2009-05-13 23:46 . 2009-05-13 23:46 -------- d-----w c:\program files\Common Files\PCSuite
2009-05-13 23:46 . 2009-05-15 05:06 -------- d-----w c:\program files\Common Files\Nokia
2009-05-13 23:44 . 2008-08-26 07:26 18816 ----a-w c:\windows\system32\drivers\pccsmcfd.sys
2009-05-13 23:44 . 2009-05-13 23:44 -------- d-----w c:\program files\PC Connectivity Solution
2009-05-13 23:42 . 2009-02-09 04:37 7808 ----a-w c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-05-13 23:42 . 2009-02-09 04:37 7808 ----a-w c:\windows\system32\drivers\usbser_lowerflt.sys
2009-05-13 23:42 . 2009-02-09 04:37 22016 ----a-w c:\windows\system32\drivers\ccdcmbo.sys
2009-05-11 22:19 . 2009-05-11 22:19 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-05-11 22:19 . 2008-11-12 13:44 27904 ----a-w c:\windows\system32\uxtuneup.dll
2009-05-11 22:19 . 2009-05-11 22:19 362240 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-05-08 08:48 . 2009-05-08 08:48 -------- d-----w c:\documents and settings\basil net\Application Data\TuneUp Software
2009-05-08 08:47 . 2009-05-08 08:47 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-05-08 08:47 . 2009-05-21 05:13 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-05-08 08:45 . 2009-05-08 08:45 -------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-06 15:06 . 2009-05-06 15:06 -------- d-----w c:\windows\Sun
2009-05-06 14:59 . 2009-05-06 14:59 -------- dc-h--w c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-05-06 14:28 . 2004-01-10 22:17 45568 ----a-w c:\windows\system32\YM11AUTH.DLL
2009-05-06 13:39 . 2009-05-06 13:39 -------- dc-h--w c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-05-06 07:59 . 2003-08-07 12:01 237568 ----a-w c:\windows\system32\lame_enc.dll
2009-05-06 07:58 . 2009-05-06 07:58 -------- d-----w c:\program files\Ozone
2009-05-06 05:22 . 2009-05-18 13:06 -------- d-----w c:\program files\Real_SC
2009-05-05 16:42 . 2009-05-06 18:12 -------- d-----w c:\program files\Norton Security Scan
2009-05-05 13:34 . 2009-05-05 13:34 -------- d-----w c:\windows\system32\Adobe
2009-05-04 16:17 . 2009-05-04 16:17 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-04 16:17 . 2009-05-04 16:17 -------- d-----w c:\program files\Java
2009-05-03 23:47 . 2009-05-08 21:32 -------- d-----w c:\program files\Photo Story 3 for Windows
2009-05-03 22:48 . 2009-05-03 22:48 -------- d-----w c:\documents and settings\basil net\Application Data\Uniblue
2009-05-02 01:00 . 2005-05-26 17:00 403968 ----a-w c:\windows\system32\NCTWMAFile2.dll
2009-05-02 01:00 . 2005-02-24 17:11 479232 ----a-w c:\windows\system32\NCTAudioVisualization2.dll
2009-05-02 01:00 . 2005-03-10 21:00 454656 ----a-w c:\windows\system32\NCTAudioRecord2.dll
2009-05-02 01:00 . 2005-06-01 17:11 877568 ----a-w c:\windows\system32\NCTAudioFile2.dll
2009-05-02 01:00 . 2003-03-19 16:03 544768 ----a-w c:\windows\system32\msvcr71d.dll
2009-05-02 01:00 . 2009-05-02 01:00 -------- d-----w c:\program files\Fox Audio Recorder
2009-04-28 19:09 . 2009-04-28 20:00 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-28 19:08 . 2009-04-29 01:32 -------- d-----w c:\program files\RM to MP3 Converter
2009-04-28 09:19 . 2009-04-28 09:19 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-04-27 06:11 . 2009-05-05 12:44 -------- d-----w c:\program files\Common Files\delet
2009-04-25 09:17 . 2004-01-27 22:24 991232 ----a-w c:\windows\system32\W22MLRES.dll
2009-04-25 09:11 . 2004-01-27 22:23 344064 ----a-w c:\windows\system32\w22NCPA.dll
2009-04-25 09:11 . 2004-03-08 15:43 1657344 ----a-w c:\windows\system32\drivers\w22n51.sys
2009-04-23 01:27 . 2009-04-23 01:27 -------- d-----w c:\documents and settings\basil net\Application Data\ZoomBrowser EX
2009-04-23 01:20 . 2009-04-23 01:20 -------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-04-23 01:20 . 2009-04-23 01:21 -------- d-----w c:\program files\Canon
2009-04-23 01:18 . 2009-04-23 01:18 -------- d-----w c:\program files\Common Files\Canon
2009-04-23 00:01 . 2009-04-27 21:07 -------- d-----w c:\documents and settings\basil net\Local Settings\Application Data\WMTools Downloaded Files
2009-04-22 13:13 . 2009-04-22 13:13 -------- d-----w c:\program files\Xilisoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-20 23:36 . 2009-04-13 17:42 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-18 20:57 . 2009-04-06 19:04 -------- d-----w c:\program files\Messenger Plus! Live
2009-05-16 22:14 . 2009-04-08 20:19 626688 ----a-w c:\windows\system32\agsaamh.dll
2009-05-16 22:14 . 2009-04-06 18:14 90112 ----a-w c:\windows\system32\agsaami.dll
2009-05-16 22:14 . 2009-04-06 18:14 2846720 ----a-w c:\windows\system32\agsaamj.dll
2009-05-16 22:14 . 2009-04-08 20:19 551424 ----a-w c:\windows\system32\agsaame.dll
2009-05-16 22:14 . 2009-04-08 20:19 544256 ----a-w c:\windows\system32\agsaamd.dll
2009-05-16 22:14 . 2009-04-08 20:19 538624 ----a-w c:\windows\system32\agsaamb.dll
2009-05-16 22:14 . 2009-04-08 20:19 331776 ----a-w c:\windows\system32\agsaama.dll
2009-05-16 22:14 . 2009-04-06 18:14 753664 ----a-w c:\windows\system32\agsaamg.dll
2009-05-16 22:14 . 2009-04-06 18:14 372736 ----a-w c:\windows\system32\agsaamc.dll
2009-05-15 05:09 . 2009-04-06 17:41 80040 ----a-w c:\documents and settings\basil net\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-15 05:04 . 2009-05-13 21:31 -------- d-----w c:\program files\Nokia
2009-05-14 00:08 . 2009-05-14 00:08 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-05-14 00:08 . 2009-05-14 00:08 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-13 22:58 . 2009-05-13 22:58 -------- d-----w c:\program files\DIFX
2009-05-13 22:43 . 2009-05-13 21:59 -------- d-----w c:\program files\PC Connectivity Solution(2)
2009-05-10 05:57 . 2009-04-20 20:18 -------- d-----w c:\program files\Sony
2009-05-09 19:41 . 2009-04-20 18:43 -------- d-----w c:\program files\Sony Setup
2009-05-06 05:23 . 2009-04-06 18:14 1986560 ----a-w c:\windows\system32\akll.dll
2009-05-06 05:23 . 2009-04-06 18:14 196608 ----a-w c:\windows\system32\maag.dll
2009-05-06 05:23 . 2009-04-06 18:14 1212416 ----a-w c:\windows\system32\ckll.dll
2009-04-28 12:10 . 2009-04-06 19:03 -------- d-----w c:\program files\Hotspot Shield
2009-04-25 08:28 . 2009-04-09 10:56 -------- d-----w c:\program files\Common Files\Intel
2009-04-25 08:28 . 2009-04-09 10:54 -------- d-----w c:\program files\Intel
2009-04-24 21:47 . 2009-04-24 21:47 2678 ----a-w c:\windows\java\Packages\Data\435ZH7Z1.DAT
2009-04-24 21:47 . 2009-04-24 21:47 2678 ----a-w c:\windows\java\Packages\Data\H7NB7LV1.DAT
2009-04-24 21:47 . 2009-04-24 21:47 2678 ----a-w c:\windows\java\Packages\Data\DVNZBZNN.DAT
2009-04-24 21:47 . 2009-04-24 21:47 2678 ----a-w c:\windows\java\Packages\Data\2ZPV3XRX.DAT
2009-04-24 21:47 . 2009-04-24 21:47 2678 ----a-w c:\windows\java\Packages\Data\MK24OJTV.DAT
2009-04-24 08:46 . 2009-04-08 18:40 -------- d-----w c:\program files\Folder Lock
2009-04-23 01:23 . 2009-04-10 20:33 -------- d-----w c:\program files\Windows Desktop Search
2009-04-19 12:43 . 2009-04-06 18:34 -------- d-----w c:\program files\Common Files\Adobe
2009-04-19 11:54 . 2009-04-19 11:54 -------- d-----w c:\program files\FastStone Image Viewer
2009-04-19 09:47 . 2009-04-19 09:47 -------- d-----w c:\program files\Apple Software Update
2009-04-17 13:11 . 2009-04-17 13:10 -------- d-----w c:\program files\Acoustica MP3 Audio Mixer
2009-04-17 01:08 . 2009-04-06 19:04 -------- d-----w c:\program files\Windows Live
2009-04-17 01:05 . 2009-04-10 20:34 -------- d-----w c:\program files\Microsoft
2009-04-15 18:12 . 2009-04-15 18:12 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-13 20:18 . 2009-04-13 20:18 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-13 19:10 . 2009-04-13 19:10 -------- d-----w c:\program files\MSBuild
2009-04-13 19:09 . 2009-04-13 19:09 -------- d-----w c:\program files\Reference Assemblies
2009-04-13 17:43 . 2009-04-13 17:43 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-13 17:43 . 2009-04-13 17:43 -------- d-----w c:\program files\Realtek
2009-04-12 17:46 . 2009-04-12 17:40 -------- d-----w c:\program files\ma-config.com
2009-04-12 17:46 . 2009-04-12 17:40 -------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-04-12 10:05 . 2009-04-12 10:05 -------- d-----w c:\program files\MSECache
2009-04-11 00:20 . 2009-04-11 00:19 -------- d-----w c:\program files\FAHESS
2009-04-10 23:24 . 2009-04-10 23:24 -------- d-----w c:\program files\Fahess_Activation
2009-04-10 23:24 . 2009-04-10 23:23 -------- d-----w c:\program files\Common Files\Motive
2009-04-10 21:30 . 2009-04-10 21:30 132 ----a-w c:\documents and settings\basil net\Local Settings\Application Data\fusioncache.dat
2009-04-10 20:32 . 2009-04-10 20:32 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-09 10:56 . 2009-04-09 10:56 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-08 20:22 . 2009-04-08 20:19 344064 ----a-w c:\windows\system32\dkll.dll
2009-04-08 18:40 . 2009-04-08 18:40 35363 ----a-w c:\windows\system32\windrvNT.sys
2009-04-07 19:09 . 2009-04-07 19:09 203776 ----a-w c:\windows\system32\clrviddc.dll
2009-04-07 18:53 . 2009-04-07 18:53 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-07 18:33 . 2009-04-07 18:33 -------- d-----w c:\program files\IEPro
2009-04-07 18:20 . 2009-04-07 18:20 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-04-07 18:20 . 2009-04-07 18:08 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-04-07 17:16 . 2009-04-07 17:16 -------- d-----w c:\program files\Common Files\xing shared
2009-04-07 17:15 . 2009-04-06 18:12 -------- d-----w c:\program files\Common Files\Real
2009-04-07 17:14 . 2009-04-06 18:12 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-07 17:14 . 2009-04-06 18:10 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-07 17:13 . 2009-04-06 17:33 166455 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-07 00:50 . 2009-04-07 00:35 592 ----a-w c:\windows\chgkey.vbs
2009-04-06 20:42 . 2009-04-06 20:42 0 ----a-w c:\windows\nsreg.dat
2009-04-06 18:43 . 2009-04-06 18:43 -------- d-----w c:\program files\Microsoft.NET
2009-04-06 18:43 . 2009-04-06 18:43 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-06 18:13 . 2009-04-06 18:13 -------- d-----w c:\program files\VideoLAN
2009-04-06 18:12 . 2009-04-06 18:12 -------- d-----w c:\program files\Real
2009-04-06 18:11 . 2009-04-06 18:11 2232 ----a-w c:\windows\java\Packages\Data\JZ5VXVV1.DAT
2009-04-06 18:11 . 2009-04-06 18:11 155995 ----a-w c:\windows\java\Packages\N13HF13T.ZIP
2009-04-06 18:10 . 2009-04-06 18:10 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-06 18:08 . 2009-04-06 18:08 -------- d-----w c:\program files\Nero
2009-04-06 18:06 . 2009-04-06 18:06 -------- d-----w c:\program files\AVG
2009-04-06 18:04 . 2009-04-06 18:04 -------- d-----w c:\program files\Golden Al-Wafi Translator
2009-04-06 18:04 . 2009-04-06 18:04 172032 ------w c:\windows\Setup1.exe
2009-04-06 18:04 . 2009-04-06 18:04 73216 ----a-w c:\windows\ST6UNST.EXE
2009-04-06 17:34 . 2009-04-06 17:34 -------- d-----w c:\program files\microsoft frontpage
2009-04-06 17:33 . 2004-08-04 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-06 17:30 . 2009-04-06 17:30 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-03 18:18 . 2009-04-17 10:29 33256 ----a-w c:\windows\system32\drivers\hssdrv.sys
2009-03-29 17:29 . 2009-04-06 17:44 67584 ----a-r c:\windows\system32\drivers\tifm21.sys
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-27 04:29 . 2009-02-27 04:29 204800 ----a-w c:\windows\system32\NetProvCredMan(2).dll
2009-02-20 18:09 . 2004-08-04 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-05-18_11.44.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-21 14:05 . 2009-05-21 14:05 16384 c:\windows\temp\Perflib_Perfdata_244.dat
- 2009-04-06 17:38 . 2009-05-18 08:08 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-06 17:38 . 2009-05-20 02:20 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-06 17:38 . 2009-05-18 08:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-04-06 17:38 . 2009-05-20 02:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-04-06 17:38 . 2009-05-20 02:20 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-04-06 17:38 . 2009-05-18 08:08 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-04-06 18:44 . 2009-05-15 09:08 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-04-06 18:44 . 2009-05-19 02:45 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-04-06 18:44 . 2009-05-15 09:08 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-04-06 18:44 . 2009-05-19 02:45 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-04-06 18:44 . 2009-05-19 02:45 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-04-06 18:44 . 2009-05-15 09:08 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-04-06 18:44 . 2009-05-19 02:45 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-04-06 18:44 . 2009-05-15 09:08 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-04-06 18:44 . 2009-05-19 02:45 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-04-06 18:44 . 2009-05-15 09:08 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-04-06 18:44 . 2009-05-19 02:45 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-04-06 18:44 . 2009-05-15 09:08 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-04-06 18:44 . 2009-05-19 02:45 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-04-06 18:44 . 2009-05-15 09:08 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-04-17 18:32 . 2009-05-19 23:58 163696 c:\windows\system32\Restore\rstrlog.dat
- 2009-04-06 18:44 . 2009-05-15 09:08 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-04-06 18:44 . 2009-05-19 02:45 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-04-06 18:44 . 2009-05-15 09:08 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-04-06 18:44 . 2009-05-19 02:45 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-04-06 18:44 . 2009-05-19 02:45 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-04-06 18:44 . 2009-05-15 09:08 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-04-06 18:44 . 2009-05-19 02:45 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-04-06 18:44 . 2009-05-15 09:08 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-04-06 18:44 . 2009-05-15 09:08 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-04-06 18:44 . 2009-05-19 02:45 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-04-06 18:44 . 2009-05-15 09:08 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-04-06 18:44 . 2009-05-19 02:45 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-04-28 12:04 332776 ----a-w c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" [2008-11-20 155904]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-07 198160]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"FAHESS_McciTrayApp"=c:\program files\FAHESS\McciTrayApp.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

R1 SMBHC;Microsoft SM Bus Host Controller Driver;c:\windows\system32\drivers\smbhc.sys [06/04/2009 11:22 م 6784]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [22/04/2009 04:12 ص 328752]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [12/05/2009 01:19 ص 603904]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [17/04/2009 01:29 م 33256]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 06:06 م 24592]
R3 SMBBATT;Microsoft Smart Battery Driver;c:\windows\system32\drivers\smbbatt.sys [06/04/2009 11:22 م 16000]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [06/04/2009 08:49 م 987648]
R3 VSTHWICH;VSTHWICH;c:\windows\system32\drivers\VSTICH3.SYS [06/04/2009 08:49 م 242176]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [23/04/2009 12:34 ص 34352]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [15/03/2009 09:34 ص 216232]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0676CE18-9B5E-3DB3-E313-6BA337B14FE2}]
c:\docume~1\BASILN~1\LOCALS~1\Temp\hr.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-21 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 13:28]

2009-05-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]

2009-05-19 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]

2009-05-21 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]

2009-05-21 c:\windows\Tasks\الصيانة بنقرة واحدة.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 13:28]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\basil net\Application Data\Mozilla\Firefox\Profiles\1j0jwmat.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\basil net\Application Data\Mozilla\Firefox\Profiles\1j0jwmat.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - component: c:\documents and settings\basil net\Application Data\Mozilla\Firefox\Profiles\1j0jwmat.default\extensions\{9d613b03-9b7c-4fa0-b2f8-32f7cc24873f}\components\SDIIntegrator.dll
FF - component: c:\documents and settings\basil net\Application Data\Mozilla\Firefox\Profiles\1j0jwmat.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\basil net\Application Data\Mozilla\Firefox\Profiles\1j0jwmat.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-05-21 17:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2009-05-21 17:12
ComboFix-quarantined-files.txt 2009-05-21 14:12
ComboFix2.txt 2009-05-18 11:45
ComboFix3.txt 2009-05-15 00:07
ComboFix4.txt 2009-05-10 06:39
ComboFix5.txt 2009-05-21 14:09

Pre-Run: 48,026,361,856 bytes free
Post-Run: 48,012,185,600 bytes free

308 --- E O F --- 2009-05-19 02:45
_____________________________________________________________

تقرير الهاي جاك

Logfile of HijackThis v1.99.1
Scan saved at 17:14:20, on 21/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\basil net\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Windows Search (WSearch) - Unknown owner - C:\WINDOWS\system32\SearchIndexer.exe (file missing)


 
تأييد 0
تقرير سليم وحلو


كيف الاوضاع الحين

 
توقيع : format
تأييد 0
اولا انا اسف على التأخير بالرد ولكن انت تعرف ان الموقع كان مقفل

الحمد لله ابشرك الوضع سليم لكن الكاسبر رجع ونصب نفسه شلون وكيف ماني عارف هو من حاله مع اني حاذفه ولكنه الحين قاعد ومؤدب ماادري هل المشكل لمن ركبت له تعريب او شو المشكله ....

عموما الف الف شكر والله يجزاك كل خير
 
تأييد 0
الحمد لله على حل المشكلة .... اخي طلال قم بتحديث الكاسبر واعمل فحص كامل للجهاز ....


في امان ربي
 
توقيع : ابـــو عــبــد الــلــه
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى