أميرة ذآإآتي

Peace be upon you, and the mercy of God.


This is the HijackThis report for my machine.
I just want to make sure it is clean.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:47 ص, on 24/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Conexant\Adsl\dslstat.exe
C:\Program Files\Conexant\Adsl\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\I-R-I\سطح المكتب\منوعات\HiJackThis.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Conexant\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Conexant\Adsl\dslagent.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: إضافة إلى حاجب إعلان الشعار - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: إحصائيات حماية حركة زيارة الويب - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7EB8285-CDE3-4272-B9E9-AB6BF5E66784}: NameServer = 84.235.6.55
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 4064 bytes
 

Analyzing...
 
Signature: فارس الملاك
It is always preferable to remove any toolbar through Add/Remove Programs,
or to use HiJackThis
and disable all the values that carry the number 03
 
Sister, delete this one:

O17 - HKLM\System\CCS\Services\Tcpip\..\{C7EB8285-CDE3-4272-B9E9-AB6BF5E66784}: NameServer =



And I would like you to apply what is in this thread:

[Link hidden by the forum: log in or register to view]



And, if possible, a report from this tool:


Disable all protection programs,
then download this tool and save it to the desktop:
[Link hidden by the forum: log in or register to view]

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your machine; your machine will then restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.

 
Signature: فارس الملاك


:ok::ok::ok:​
 
Signature: فارس الملاك
The values you mentioned have been deleted.

Downloading the tool now.
 
Here is the report:

ComboFix 09-05-23.04 - I-R-I 05/24/2009 12:03.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.223.72 [GMT 3:00]
Running from: c:\documents and settings\I-R-I\سطح المكتب\منوعات\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.
2009-05-24 07:23 . 2003-02-28 15:26 139536 ----a-w c:\windows\system32\javaee.dll
2009-05-23 20:26 . 2009-05-23 20:26 45056 ----a-r c:\documents and settings\I-R-I\Application Data\Microsoft\Installer\{E936802D-D59E-4FDC-9642-F8178F68BC1D}\NewShortcut11_E936802DD59E4FDC9642F8178F68BC1D.exe
2009-05-23 20:26 . 2009-05-23 20:26 45056 ----a-r c:\documents and settings\I-R-I\Application Data\Microsoft\Installer\{E936802D-D59E-4FDC-9642-F8178F68BC1D}\NewShortcut1_E936802DD59E4FDC9642F8178F68BC1D.exe
2009-05-23 20:26 . 2009-05-23 20:26 10134 ----a-r c:\documents and settings\I-R-I\Application Data\Microsoft\Installer\{E936802D-D59E-4FDC-9642-F8178F68BC1D}\ARPPRODUCTICON.exe
2009-05-23 10:46 . 2009-05-23 10:46 -------- d-----w c:\documents and settings\I-R-I\Local Settings\Application Data\Help
2009-05-21 05:29 . 2009-05-21 05:29 206088 ----a-w c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-05-21 05:29 . 2009-05-21 05:29 33808 ----a-w c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-05-21 05:28 . 2009-05-21 05:28 226832 ----a-w c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-05-21 05:04 . 2009-05-21 05:29 94643 ----a-w c:\windows\system32\drivers\klick.dat
2009-05-21 05:04 . 2009-05-21 05:29 105395 ----a-w c:\windows\system32\drivers\klin.dat
2009-05-21 05:03 . 2009-05-24 09:01 278560 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-21 05:03 . 2009-05-24 08:49 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-05-21 05:03 . 2009-05-24 08:47 1555488 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-21 05:03 . 2009-05-21 05:03 -------- d-----w c:\program files\Kaspersky Lab
2009-05-21 01:13 . 2009-05-21 01:13 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-21 00:10 . 2009-03-24 13:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-21 00:10 . 2009-05-21 01:12 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-05-20 20:44 . 2009-05-20 20:44 -------- d-----w c:\program files\Conduit
2009-05-20 12:21 . 2009-05-20 12:21 -------- d-----w c:\documents and settings\I-R-I\Local Settings\Application Data\Conduit
2009-05-19 13:39 . 2009-05-20 20:44 -------- d-----w c:\program files\iVocalize Web Conference 4
2009-05-19 12:07 . 2009-05-19 12:09 811008 ----a-w c:\windows\AL-MOHAGR.scr
2009-05-19 02:43 . 2009-05-23 11:28 -------- d-----w c:\program files\a-squared Free
2009-05-18 11:59 . 2009-05-23 09:11 -------- d-----w c:\program files\Muslim Bag
2009-05-18 11:59 . 2009-05-18 11:59 -------- d-----w c:\windows\Muslim Bag
2009-05-16 07:30 . 2009-05-18 05:58 -------- d-----w c:\program files\LtUcx
2009-05-16 07:08 . 2009-05-16 07:08 -------- d-----w c:\program files\Domain Tools
2009-05-16 06:49 . 2009-05-16 07:19 -------- d-----w c:\program files\All2Chat
2009-05-14 09:21 . 2009-05-14 09:21 -------- d-----w c:\program files\BlazeVideo
2009-05-14 09:16 . 2009-05-20 00:00 10017 ----a-w c:\documents and settings\All Users\Application Data\BlazeVideo\VideoMagic3\BlazeVideoMagic.dll
2009-05-14 09:16 . 2009-05-19 04:23 -------- d-----w c:\program files\Blaze Video Magic
2009-05-14 09:16 . 2009-05-14 09:16 -------- d-----w c:\documents and settings\All Users\Application Data\BlazeVideo
2009-05-08 15:35 . 2009-05-08 15:36 53319 ----a-w c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
2009-05-08 13:45 . 2009-05-08 13:49 -------- d-----w c:\documents and settings\I-R-I\Local Settings\Application Data\Google
2009-05-05 00:46 . 2009-05-05 00:46 196608 ----a-w c:\windows\system32\avisynth.dll
2009-05-05 00:46 . 2009-05-05 00:46 -------- d-----w c:\program files\DivXCodec
2009-05-05 00:46 . 2009-05-05 00:47 -------- d-----w c:\program files\GordianKnot
2009-05-05 00:46 . 2009-05-05 00:46 33280 ----a-w c:\windows\system32\HUFFYUV.DLL
2009-05-05 00:13 . 2009-05-09 09:59 -------- d-----w c:\documents and settings\I-R-I\Application Data\Thinstall
2009-05-05 00:13 . 2009-05-05 00:13 -------- d-----w c:\documents and settings\I-R-I\Local Settings\Application Data\Thinstall
2009-05-04 22:27 . 2009-05-04 22:27 -------- d-----w c:\documents and settings\I-R-I\Local Settings\Application Data\Identities
2009-05-04 04:54 . 2009-05-04 11:15 -------- d-----w c:\documents and settings\I-R-I\Local Settings\Application Data\Adobe
2009-05-04 00:05 . 2004-03-29 12:23 90112 ----a-w c:\windows\unvise32.exe
2009-05-04 00:05 . 2009-05-04 00:05 -------- d-----w c:\program files\Common Files\SWiSHzone.com
2009-05-04 00:05 . 2009-05-04 00:07 -------- d-----w c:\program files\SWiSH Max2
2009-05-03 08:11 . 2009-05-03 08:11 -------- d-----w c:\documents and settings\I-R-I\Application Data\Media Player Classic
2009-05-03 06:55 . 2009-05-08 15:35 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-03 06:55 . 2009-05-03 06:55 -------- d-----w c:\program files\Super Internet TV
2009-05-03 06:44 . 2009-05-03 06:44 -------- d--h--w c:\windows\PIF
2009-05-03 01:02 . 2009-05-03 01:02 2967799 ----a-w c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-03 00:59 . 2009-05-03 00:59 -------- d-----w c:\documents and settings\I-R-I\Application Data\Malwarebytes
2009-05-03 00:59 . 2009-04-06 12:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-03 00:59 . 2009-04-06 12:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-03 00:59 . 2009-05-03 01:02 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-03 00:59 . 2009-05-03 00:59 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-02 20:55 . 2009-05-02 20:55 0 ----a-w c:\windows\nsreg.dat
2009-05-02 20:55 . 2009-05-02 20:55 -------- d-----w c:\documents and settings\I-R-I\Local Settings\Application Data\Mozilla
2009-05-02 13:51 . 2009-05-02 13:51 40960 ----a-r c:\documents and settings\I-R-I\Application Data\Microsoft\Installer\{C6E3BCF7-7F0E-4FDF-AA48-608F9687EDCD}\NewShortcut11_C6E3BCF77F0E4FDFAA48608F9687EDCD.exe
2009-05-02 13:51 . 2009-05-02 13:51 40960 ----a-r c:\documents and settings\I-R-I\Application Data\Microsoft\Installer\{C6E3BCF7-7F0E-4FDF-AA48-608F9687EDCD}\NewShortcut1_C6E3BCF77F0E4FDFAA48608F9687EDCD.exe
2009-05-02 13:51 . 2009-05-02 13:51 10134 ----a-r c:\documents and settings\I-R-I\Application Data\Microsoft\Installer\{C6E3BCF7-7F0E-4FDF-AA48-608F9687EDCD}\ARPPRODUCTICON.exe
2009-05-02 13:51 . 2009-05-23 20:25 -------- d-----w c:\program files\Samy Soft
2009-05-01 17:44 . 2008-06-14 17:59 271616 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-01 17:44 . 2008-06-14 17:59 271616 ------w c:\windows\system32\drivers\bthport.sys
2009-05-01 17:12 . 2009-02-09 11:48 2059264 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-05-01 17:12 . 2009-02-09 11:48 2017280 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-01 17:12 . 2009-02-09 11:48 2182016 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-01 17:12 . 2009-02-09 11:48 2137600 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-01 16:56 . 2008-10-24 11:10 453632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-05-01 16:41 . 2009-05-04 21:41 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-01 14:49 . 2009-05-02 00:22 -------- d-----w c:\windows\system32\CatRoot_bak
2009-05-01 14:43 . 2008-07-09 07:34 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-05-01 14:43 . 2009-05-02 00:50 -------- d--h--w c:\windows\$hf_mig$
2009-05-01 14:30 . 2008-10-16 11:09 43544 ----a-w c:\windows\system32\wups2.dll
2009-05-01 14:27 . 2009-05-01 14:27 -------- d-s---w c:\documents and settings\I-R-I\UserData
2009-05-01 13:18 . 2009-05-23 03:40 -------- d-----w c:\documents and settings\I-R-I\Application Data\X-NetStat
2009-05-01 13:18 . 2009-05-01 13:18 -------- d-----w c:\program files\X-NetStat Professional
2009-05-01 09:53 . 2009-05-01 09:53 -------- d-----w c:\program files\Messenger Plus! Live
2009-05-01 09:47 . 2009-05-24 03:30 -------- d-----w c:\documents and settings\I-R-I\Tracing
2009-05-01 09:45 . 2009-05-01 09:45 -------- d-----w c:\program files\Microsoft
2009-05-01 09:45 . 2009-05-01 09:45 -------- d-----w c:\program files\Windows Live SkyDrive
2009-05-01 00:55 . 2009-05-01 00:55 -------- d-----w c:\documents and settings\I-R-I\Application Data\COWON
2009-04-30 21:00 . 2009-04-30 21:00 -------- d-----w c:\documents and settings\I-R-I\Contacts
2009-04-30 19:37 . 2009-04-30 19:37 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-30 19:01 . 2004-08-03 21:55 21504 -c--a-w c:\windows\system32\dllcache\hidserv.dll
2009-04-30 19:01 . 2004-08-03 21:55 21504 ----a-w c:\windows\system32\hidserv.dll
2009-04-30 19:01 . 2004-08-03 21:45 14720 -c--a-w c:\windows\system32\dllcache\kbdhid.sys
2009-04-30 19:01 . 2004-08-03 21:45 14720 ----a-w c:\windows\system32\drivers\kbdhid.sys
2009-04-30 19:01 . 2001-09-18 10:38 12160 -c--a-w c:\windows\system32\dllcache\mouhid.sys
2009-04-30 19:01 . 2001-09-18 10:38 12160 ----a-w c:\windows\system32\drivers\mouhid.sys
2009-04-30 19:01 . 2001-08-17 11:02 9600 -c--a-w c:\windows\system32\dllcache\hidusb.sys
2009-04-30 19:01 . 2001-08-17 11:02 9600 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-04-30 19:01 . 2004-08-03 20:08 31616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-04-30 19:01 . 2004-08-03 20:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 09:01 . 2009-05-21 05:03 2032 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-24 08:53 . 2001-09-19 15:00 41076 ----a-w c:\windows\system32\perfc001.dat
2009-05-24 08:53 . 2001-09-19 15:00 254326 ----a-w c:\windows\system32\perfh001.dat
2009-05-24 08:47 . 2009-05-21 05:03 13232 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-24 07:23 . 2009-05-24 07:23 2678 ----a-w c:\windows\java\Packages\Data\CRBZPFNR.DAT
2009-05-24 07:23 . 2009-05-24 07:23 2678 ----a-w c:\windows\java\Packages\Data\OMJ775RZ.DAT
2009-05-24 07:23 . 2009-05-24 07:23 2678 ----a-w c:\windows\java\Packages\Data\R53JRNB7.DAT
2009-05-24 07:23 . 2009-05-24 07:23 2678 ----a-w c:\windows\java\Packages\Data\Y8KTBR7J.DAT
2009-05-24 07:23 . 2009-05-24 07:23 2678 ----a-w c:\windows\java\Packages\Data\BF7HNFRD.DAT
2009-05-23 20:31 . 2009-04-30 15:08 -------- d-----w c:\documents and settings\I-R-I\Application Data\dvdcss
2009-05-23 10:04 . 2009-04-30 14:25 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-21 10:58 . 2009-04-30 15:02 -------- d-----w c:\program files\Google
2009-05-21 05:29 . 2008-01-29 14:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-05-20 20:44 . 2009-04-30 14:54 -------- d-----w c:\program files\mpegable
2009-05-17 06:14 . 2009-04-30 14:55 -------- d-----w c:\program files\JetAudio
2009-05-09 13:01 . 2009-04-30 14:33 226304 ----a-w c:\documents and settings\I-R-I\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-01 09:45 . 2009-04-30 14:53 -------- d-----w c:\program files\Windows Live
2009-04-30 17:40 . 2009-04-30 14:50 -------- d-----w c:\program files\Common Files\Adobe
2009-04-30 17:38 . 2009-04-30 14:55 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-30 17:31 . 2009-04-30 17:31 -------- d-----w c:\program files\Conexant
2009-04-30 15:02 . 2009-04-30 15:02 -------- d-----w c:\documents and settings\I-R-I\Application Data\GRETECH
2009-04-30 15:02 . 2009-04-30 15:02 -------- d-----w c:\program files\GRETECH
2009-04-30 15:01 . 2009-04-30 15:01 -------- d-----w c:\program files\Common Files\xing shared
2009-04-30 15:01 . 2009-04-30 15:01 -------- d-----w c:\program files\Common Files\Real
2009-04-30 15:01 . 2009-04-30 15:01 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-30 15:01 . 2003-02-21 02:42 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-30 15:01 . 2009-04-30 15:01 -------- d-----w c:\program files\Real
2009-04-30 15:00 . 2009-04-30 15:00 -------- d-----w c:\documents and settings\I-R-I\Application Data\vlc
2009-04-30 14:58 . 2009-04-30 14:58 -------- d-----w c:\program files\VideoLAN
2009-04-30 14:58 . 2009-04-30 14:58 -------- d-----w c:\program files\XP Codec Pack
2009-04-30 14:56 . 2009-04-30 14:55 -------- d-----w c:\program files\Common Files\COWON
2009-04-30 14:55 . 2009-04-30 14:55 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-30 14:54 . 2009-04-30 14:54 47104 ------w c:\windows\AKDeInstall.exe
2009-04-30 14:48 . 2009-04-30 14:48 2232 ----a-w c:\windows\java\Packages\Data\RTFJPJFX.DAT
2009-04-30 14:48 . 2009-04-30 14:48 155995 ----a-w c:\windows\java\Packages\2KUYYN97.ZIP
2009-04-30 14:47 . 2009-04-30 14:47 -------- d-----w c:\program files\Golden Al-Wafi Translator
2009-04-30 14:47 . 2009-04-30 14:47 172032 ------w c:\windows\Setup1.exe
2009-04-30 14:47 . 2009-04-30 14:47 73216 ----a-w c:\windows\ST6UNST.EXE
2009-04-30 14:44 . 2009-04-30 14:44 -------- d-----w c:\program files\Microsoft.NET
2009-04-30 14:26 . 2009-04-30 14:26 -------- d-----w c:\program files\microsoft frontpage
2009-04-30 14:22 . 2009-04-30 14:22 22144 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-06 14:44 . 2004-08-04 00:55 282624 ----a-w c:\windows\system32\pdh.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-21_10.39.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-09-19 15:00 . 2009-05-24 08:53 40972 c:\windows\system32\perfc009.dat
- 2001-09-19 15:00 . 2009-05-21 10:04 40972 c:\windows\system32\perfc009.dat
- 2009-04-30 14:48 . 2002-02-18 07:23 21264 c:\windows\system32\msjdbc10.dll
+ 2009-04-30 14:48 . 2003-02-28 15:26 21264 c:\windows\system32\msjdbc10.dll
+ 2009-04-30 14:48 . 2003-02-28 15:26 15120 c:\windows\system32\jdbgmgr.exe
- 2009-04-30 14:48 . 2002-02-18 07:23 15120 c:\windows\system32\jdbgmgr.exe
- 2009-04-30 14:48 . 2002-02-18 07:22 63248 c:\windows\system32\javaprxy.dll
+ 2009-04-30 14:48 . 2003-02-28 15:26 63248 c:\windows\system32\javaprxy.dll
+ 2009-04-30 14:48 . 2003-02-28 15:26 49424 c:\windows\system32\clspack.exe
- 2009-04-30 14:48 . 2002-02-18 07:23 49424 c:\windows\system32\clspack.exe
+ 2009-04-30 14:48 . 2003-02-28 15:26 46352 c:\windows\setdebug.exe
- 2009-04-30 14:48 . 2002-02-18 07:23 46352 c:\windows\setdebug.exe
+ 2009-04-30 14:25 . 2009-05-23 10:04 2426 c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2009-04-30 14:25 . 2009-05-23 10:02 8972 c:\windows\pchealth\helpctr\Config\Cntstore.bin
+ 2009-04-30 14:48 . 2003-02-28 13:35 6550 c:\windows\jautoexp.dat
- 2009-04-30 14:48 . 2002-02-18 04:35 6550 c:\windows\jautoexp.dat
+ 2009-04-30 14:48 . 2003-02-28 15:26 171792 c:\windows\system32\wjview.exe
- 2009-04-30 14:48 . 2002-02-18 07:23 171792 c:\windows\system32\wjview.exe
- 2009-04-30 14:48 . 2002-02-18 07:23 286992 c:\windows\system32\vmhelper.dll
+ 2009-04-30 14:48 . 2003-02-28 15:26 286992 c:\windows\system32\vmhelper.dll
- 2001-09-19 15:00 . 2009-05-21 10:04 314644 c:\windows\system32\perfh009.dat
+ 2001-09-19 15:00 . 2009-05-24 08:53 314644 c:\windows\system32\perfh009.dat
+ 2000-04-03 17:05 . 2000-04-03 17:05 118784 c:\windows\system32\msstdfmt.dll
- 2000-05-23 19:45 . 2000-05-23 19:45 118784 c:\windows\system32\MSSTDFMT.DLL
+ 2009-04-30 14:48 . 2003-02-28 15:26 947472 c:\windows\system32\msjava.dll
- 2009-04-30 14:48 . 2002-02-18 07:23 154384 c:\windows\system32\msawt.dll
+ 2009-04-30 14:48 . 2003-02-28 15:26 154384 c:\windows\system32\msawt.dll
+ 2009-04-30 14:48 . 2003-02-28 15:26 172304 c:\windows\system32\jview.exe
- 2009-04-30 14:48 . 2002-02-18 07:23 172304 c:\windows\system32\jview.exe
+ 2009-04-30 14:48 . 2003-02-28 15:26 171280 c:\windows\system32\jit.dll
- 2009-04-30 14:48 . 2002-02-18 07:22 171280 c:\windows\system32\jit.dll
- 2009-04-30 14:48 . 2002-02-18 07:22 404752 c:\windows\system32\javart.dll
+ 2009-04-30 14:48 . 2003-02-28 15:26 404752 c:\windows\system32\javart.dll
- 2009-04-30 14:48 . 2002-02-18 07:22 187152 c:\windows\system32\javacypt.dll
+ 2009-04-30 14:48 . 2003-02-28 15:26 187152 c:\windows\system32\javacypt.dll
- 2009-04-30 14:48 . 2002-02-18 04:34 313856 c:\windows\system32\dx3j.dll
+ 2009-04-30 14:48 . 2003-02-28 13:34 313856 c:\windows\system32\dx3j.dll
+ 2009-05-24 07:16 . 2009-05-06 21:16 24699336 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSLSTATEXE"="c:\program files\Conexant\Adsl\dslstat.exe" [2005-08-25 344064]
"DSLAGENTEXE"="c:\program files\Conexant\Adsl\dslagent.exe" [2005-08-25 65536]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-21 206088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-30 198160]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 م 33808]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 06:02 م 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 م 24592]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AC456810-5875-7680-8C89-12FBF6A9A98A}]
c:\windows\Bifrost\win.exe s
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: إضافة إلى حاجب إعلان الشعار - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
TCP: {C7EB8285-CDE3-4272-B9E9-AB6BF5E66784} = 84.235.6.55
DPF: Microsoft XML Parser for Java -
FF - ProfilePath - c:\documents and settings\I-R-I\Application Data\Mozilla\Firefox\Profiles\ipxx5lif.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - 4shared Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2233703&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-05-24 12:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\NTMARTA.DLL
.
Completion time: 2009-05-24 12:07
ComboFix-quarantined-files.txt 2009-05-24 09:07
ComboFix2.txt 2009-05-21 10:42
Pre-Run: 14,933,385,216 bytes free
Post-Run: 14,927,339,520 bytes free
270 --- E O F --- 2009-05-24 07:24
 
Post a new HijackThis report.
 
Signature: format
Could you also post a report from this tool?

Look, my friend, download this tool

and follow the steps below to clean your machine of these adverts

and produce a report of the process so that you can attach it to your next reply.

Download link for the latest update of the tool:

[Link hidden by the forum: log in or register to view]

Usage instructions:

Run the file SmitfraudFix.exe and follow the steps as shown in these screenshots:



[Screenshots: 000.png, 001.png, 002.png, 003.png, 004.png, 005.png]






Post a new HijackThis report.
 
Signature: فارس الملاك