Thread starter: NAAAIF

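Peace be upon you, and the mercy and blessings of God.

Brothers, a trojan showed up on my machine a few days ago, and at that time I was surprised to find my website hacked and all of my data taken. Please look at the reports so I can be sure before I format ..

Here are the HijackThis report, the Kaspersky tool report and the ComboFix tool report, along with a screenshot of the trojan from Kaspersky ..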

 

And upon you be peace, and the mercy and blessings of God ...

Welcome ...

Do the following ...

Download this tool ...



Run it and go to [ Do a system scan and save log ] ...

After a moment it will give you a report in Notepad ...

Copy it in full ... and correctly ...

and paste it in your next reply ...
 
Signature: format

The HijackThis report and the Kaspersky tool report are in the file I uploaded, my friend.
 
This is the HijackThis report

PHP:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:57:51  ص , on 03/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\AT\سطح المكتب\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: "إضافة إلى حاجب الدعايات" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 6312 bytes

And this is the Kaspersky tool report

PHP:
Scan
----
Scanned: 194660
Detected: 0
Untreated: 0
Start time: 10/06/1430 08:01:08  ص 
Duration: 01:25:41
Finish time: 10/06/1430 09:26:49  ص 

Detected
--------
Status Object
------ ------

Events
------
Time Name Status Reason
---- ---- ------ ------

Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes

Quarantine
----------
Status Object Size Added
------ ------ ---- -----

Backup
------
Status Object Size
------ ------ ----

And this is the ComboFix tool report

PHP:
ComboFix 09-04-20.02 - AT 06/03/2009  7:54.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1256.966.1025.18.1526.1065 [GMT 3:00]
Running from: c:\documents and settings\AT\سطح المكتب\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated)
FW: Kaspersky Internet Security *enabled*
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
G:\Autorun.inf
.
(((((((((((((((((((((((((   Files Created from 2009-05-03 to 2009-06-03  )))))))))))))))))))))))))))))))
.
2009-06-03 04:51 . 2009-06-03 04:51 164 --sha-w c:\windows\klif.spi
2009-05-30 18:46 . 2008-09-18 08:36 104960 ----a-w c:\windows\system32\drivers\ZTEusbser6k.sys
2009-05-30 18:46 . 2008-09-18 08:36 104960 ----a-w c:\windows\system32\drivers\ZTEusbnmea.sys
2009-05-30 18:46 . 2008-09-18 08:36 104960 ----a-w c:\windows\system32\drivers\ZTEusbmdm6k.sys
2009-05-30 18:46 . 2009-05-30 18:46 -------- d-----w c:\windows\system32\SupportAppXL
2009-05-27 12:44 . 2009-05-27 12:44 -------- d-----w c:\documents and settings\AT\Application Data\Acoustica
2009-05-27 12:44 . 2007-08-07 08:32 57344 ----a-w c:\windows\system32\Wnaspint.dll
2009-05-27 12:43 . 2009-05-27 12:43 -------- d-----w c:\documents and settings\All Users\Application Data\Acoustica
2009-05-26 08:38 . 2009-05-26 08:38 -------- d-sh--w c:\windows\ftpcache
2009-05-13 10:36 . 2009-05-13 10:36 -------- d-----w c:\documents and settings\AT\Application Data\Nokia
2009-05-13 10:22 . 2009-05-13 10:24 -------- d-----w c:\documents and settings\AT\Application Data\PC Suite
2009-05-13 10:22 . 2009-05-13 10:24 -------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-05-13 10:22 . 2006-05-29 05:26 50688 ----a-w c:\windows\system32\nmwcdcls.dll
2009-05-13 10:19 . 2009-05-13 10:19 25 ----a-w c:\windows\cdplayer.ini
2009-05-12 21:57 . 2008-10-03 12:30 414 ----a-w c:\windows\system32\lame_acm.xml
2009-05-12 21:57 . 2008-09-24 18:41 839680 ----a-w c:\windows\system32\lameACM.acm
2009-05-12 21:57 . 2007-09-21 00:52 118784 ----a-w c:\windows\system32\ac3acm.acm
2009-05-12 21:57 . 2004-01-25 16:18 217088 ----a-w c:\windows\system32\yv12vfw.dll
2009-05-12 21:57 . 2008-12-07 18:08 795648 ----a-w c:\windows\system32\xvidcore.dll
2009-05-12 21:57 . 2008-12-07 18:08 130048 ----a-w c:\windows\system32\xvidvfw.dll
2009-05-12 21:57 . 2008-12-11 00:33 86016 ----a-w c:\windows\system32\dpl100.dll
2009-05-12 21:57 . 2008-11-06 16:37 3596288 ----a-w c:\windows\system32\qt-dx331.dll
2009-05-12 21:57 . 2008-11-06 16:33 684032 ----a-w c:\windows\system32\divx.dll
2009-05-12 21:57 . 2009-03-02 18:10 67584 ----a-w c:\windows\system32\ff_vfw.dll
2009-05-12 21:57 . 2007-07-10 16:10 547 ----a-w c:\windows\system32\ff_vfw.dll.manifest
2009-05-12 21:57 . 2009-01-07 18:14 60273 ----a-w c:\windows\system32\pthreadGC2.dll
2009-05-12 11:49 . 2009-05-12 11:49 -------- d-----w c:\documents and settings\AT\Local Settings\Application Data\Help
2009-05-11 16:09 . 2009-05-11 16:09 -------- d-----w c:\windows\Sun
2009-05-11 11:16 . 2009-05-11 11:16 203776 ----a-w c:\windows\system32\clrviddc.dll
2009-05-11 00:02 . 2008-06-09 23:32 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-05-09 20:33 . 2009-05-27 14:12 -------- d-----w c:\documents and settings\AT\Application Data\uTorrent
2009-05-09 19:51 . 2009-05-09 19:51 64194 ----a-w c:\windows\BricoPackUninst.cmd
2009-05-09 19:50 . 2009-05-09 19:50 2359350 ----a-w c:\windows\BricoPack Wallpaper.bmp
2009-05-09 19:49 . 2009-05-09 19:51 6100 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2009-05-09 19:48 . 2009-05-09 19:48 -------- d-----w c:\windows\BricoPacks
2009-05-09 13:32 . 2009-05-09 13:32 -------- d-----w c:\windows\system32\drivers\UMDF
2009-05-09 13:32 . 2009-05-09 13:32 -------- d-----w c:\windows\system32\LogFiles
2009-05-08 14:04 . 2009-05-08 14:09 -------- d-----w c:\documents and settings\AT\amsn
2009-05-07 12:30 . 2009-05-07 12:30 -------- d-----w c:\documents and settings\All Users\Application Data\Hagel Technologies
2009-05-05 15:15 . 2009-05-05 15:15 -------- d-----w c:\documents and settings\AT\Application Data\InstallShield
2009-05-04 20:27 . 2009-05-04 20:27 499712 ----a-w c:\windows\system32\msvcp71.dll
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 04:54 . 2001-09-19 12:00 40316 ----a-w c:\windows\system32\perfc001.dat
2009-06-03 04:54 . 2001-09-19 12:00 251946 ----a-w c:\windows\system32\perfh001.dat
2009-06-03 04:51 . 2009-04-08 17:27 -------- d-----w c:\documents and settings\AT\Application Data\DMCache
2009-06-03 04:50 . 2009-04-08 23:14 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-03 04:47 . 2009-04-08 23:14 5052 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-06-03 04:47 . 2009-04-08 23:14 548896 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-06-03 04:47 . 2009-04-08 23:14 2508832 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-06-03 04:47 . 2009-04-08 23:14 22776 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-06-03 03:54 . 2009-05-30 18:46 -------- d-----w c:\program files\Mobily Connect Card
2009-06-02 14:20 . 2009-04-30 15:12 -------- d-----w c:\program files\Gabest
2009-05-30 18:46 . 2009-05-05 15:16 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-30 18:31 . 2009-04-10 01:04 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-28 01:56 . 2009-05-28 01:56 -------- d-----w c:\program files\Ask Search Assistant
2009-05-28 01:56 . 2009-04-08 23:57 -------- d-----w c:\program files\Messenger Plus! Live
2009-05-28 01:56 . 2009-04-08 23:56 -------- d-----w c:\program files\MSN Messenger
2009-05-27 15:24 . 2009-04-11 18:08 -------- d-----w c:\documents and settings\AT\Application Data\IDM
2009-05-27 12:44 . 2009-05-27 12:43 -------- d-----w c:\program files\Acoustica Mixcraft 4
2009-05-27 12:44 . 2009-05-27 12:44 -------- d-----w c:\program files\Acoustica Shared Effects
2009-05-27 12:43 . 2009-05-27 12:43 -------- d-----w c:\program files\VST
2009-05-27 12:43 . 2009-05-01 10:21 -------- d-----w c:\program files\Acoustica Mixcraft
2009-05-27 05:36 . 2009-04-24 10:55 -------- d-----w c:\program files\Orca Browser
2009-05-27 05:34 . 2009-05-10 13:45 -------- d-----w c:\program files\Video GIF Converter
2009-05-26 08:37 . 2009-05-26 08:37 -------- d-----w c:\program files\PHP Expert Editor 4.3
2009-05-20 13:18 . 2009-04-08 23:14 105395 ----a-w c:\windows\system32\drivers\klin.dat
2009-05-20 13:18 . 2009-04-08 23:14 94643 ----a-w c:\windows\system32\drivers\klick.dat
2009-05-17 13:33 . 2009-04-30 15:10 -------- d-----w c:\program files\VirtualDub-1.6.19
2009-05-17 13:30 . 2009-05-05 15:16 -------- d-----w c:\program files\JetAudio
2009-05-17 13:30 . 2009-05-05 15:08 -------- d-----w c:\program files\Easy RealMedia Tools
2009-05-17 13:30 . 2009-04-08 23:59 -------- d-----w c:\program files\Paltalk Messenger
2009-05-17 13:30 . 2009-05-09 13:33 -------- d-----w c:\program files\Windows Media Connect 2
2009-05-17 13:30 . 2009-05-09 08:19 -------- d-----w c:\program files\Your Uninstaller 2008
2009-05-17 13:30 . 2009-04-30 15:04 -------- d-----w c:\program files\x264
2009-05-17 13:10 . 2009-05-17 13:10 -------- d-----w c:\program files\Boilsoft Video Splitter
2009-05-17 13:09 . 2009-05-17 13:09 -------- d-----w c:\program files\URUSoft
2009-05-17 13:06 . 2009-05-17 13:06 -------- d-----w c:\program files\AVIcodec
2009-05-13 10:24 . 2009-05-13 10:24 -------- d-----w c:\program files\DIFX
2009-05-12 21:57 . 2009-05-12 21:57 -------- d-----w c:\program files\K-Lite Codec Pack
2009-05-12 12:27 . 2009-05-12 12:06 -------- d-----w c:\program files\MassSender
2009-05-11 00:03 . 2009-05-11 00:03 -------- d-----w c:\program files\Sun
2009-05-11 00:02 . 2009-05-11 00:01 -------- d-----w c:\program files\Java
2009-05-11 00:01 . 2009-05-11 00:01 -------- d-----w c:\program files\Common Files\Java
2009-05-09 20:46 . 2009-05-09 20:33 -------- d-----w c:\program files\uTorrent
2009-05-09 19:51 . 2004-08-03 21:55 218624 ----a-w c:\windows\system32\uxtheme.dll
2009-05-09 08:38 . 2009-05-09 08:38 -------- d-----w c:\program files\Common Files\TechSmith Shared
2009-05-09 08:38 . 2009-04-22 05:32 -------- d-----w c:\program files\TechSmith
2009-05-09 08:29 . 2009-04-22 05:32 -------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2009-05-08 17:39 . 2009-05-08 17:39 -------- d-----w c:\program files\Common Files\xing shared
2009-05-08 17:39 . 2009-04-08 23:12 -------- d-----w c:\program files\Common Files\Real
2009-05-07 12:29 . 2009-05-07 12:29 -------- d-----w c:\program files\DU Meter
2009-05-05 15:17 . 2009-04-10 05:13 -------- d-----w c:\documents and settings\AT\Application Data\COWON
2009-05-05 15:16 . 2009-05-05 15:16 -------- d-----w c:\program files\Common Files\COWON
2009-05-05 13:33 . 2009-04-10 01:04 -------- d-----w c:\documents and settings\AT\Application Data\Thinstall
2009-05-04 15:57 . 2009-05-04 15:57 -------- d-----w c:\program files\NCH Software
2009-05-03 19:26 . 2009-05-03 19:26 -------- d-----w c:\documents and settings\All Users\Application Data\Bluetooth
2009-05-03 19:24 . 2009-05-03 19:24 -------- d-----w c:\program files\IVT Corporation
2009-05-03 09:49 . 2009-05-03 09:49 1986560 ----a-w c:\windows\system32\akll.dll
2009-05-03 09:49 . 2009-05-03 09:49 196608 ----a-w c:\windows\system32\maag.dll
2009-05-03 09:49 . 2009-05-03 09:49 1245184 ----a-w c:\windows\system32\bkll.dll
2009-05-03 09:49 . 2009-05-03 09:49 1212416 ----a-w c:\windows\system32\ckll.dll
2009-05-03 09:49 . 2009-05-03 09:49 2535424 ----a-w c:\windows\system32\agsaamj.dll
2009-05-03 09:49 . 2009-05-03 09:49 90112 ----a-w c:\windows\system32\agsaami.dll
2009-05-03 09:49 . 2009-05-03 09:49 610304 ----a-w c:\windows\system32\agsaamg.dll
2009-05-03 09:49 . 2009-05-03 09:49 372736 ----a-w c:\windows\system32\agsaamc.dll
2009-05-03 09:49 . 2009-05-03 09:49 -------- d-----w c:\program files\Real_SC
2009-05-02 19:51 . 2009-05-02 17:36 -------- d-----w c:\program files\Internet Download Manager
2009-05-02 17:47 . 2009-04-22 06:08 -------- d-----w c:\program files\Easy Real Converter
2009-05-02 16:20 . 2009-05-02 16:20 -------- d-----w c:\program files\Xilisoft
2009-05-02 16:13 . 2009-05-02 16:11 -------- d-----w c:\program files\AviSynth 2.5
2009-05-02 15:58 . 2009-04-08 23:12 -------- d-----w c:\program files\Real
2009-05-02 15:16 . 2009-05-02 15:16 -------- d-----w c:\documents and settings\AT\Application Data\NCH Swift Sound
2009-05-01 06:49 . 2009-05-01 06:49 -------- d-----w c:\program files\CCleaner
2009-04-30 15:08 . 2009-04-08 15:46 94992 ----a-w c:\documents and settings\AT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-30 15:04 . 2009-04-30 15:04 580114 ----a-w c:\windows\system32\x264vfw.dll
2009-04-27 04:32 . 2009-04-08 23:59 -------- d-----w c:\program files\Avant Browser
2009-04-24 10:56 . 2009-04-24 10:56 -------- d-----w c:\documents and settings\AT\Application Data\Orca Profiles
2009-04-22 05:31 . 2009-04-22 05:31 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-21 06:03 . 2009-04-21 06:03 -------- d-----w c:\documents and settings\AT\Application Data\FlashFXP
2009-04-21 05:52 . 2009-04-21 05:51 -------- d-----w c:\program files\PowerZip 7.0
2009-04-21 02:13 . 2009-04-21 02:13 -------- d-----w c:\documents and settings\AT\Application Data\Xilisoft Corporation
2009-04-20 23:44 . 2009-04-09 00:00 -------- d-----w c:\documents and settings\AT\Application Data\Paltalk
2009-04-19 23:13 . 2009-04-19 23:13 -------- d-----w c:\program files\Luminositi
2009-04-11 16:21 . 2009-04-11 16:20 -------- d-----w c:\program files\Google
2009-04-11 05:47 . 2009-04-11 05:47 -------- d-----w c:\documents and settings\AT\Application Data\TeamViewer
2009-04-11 05:41 . 2009-04-11 05:41 -------- d-----w c:\documents and settings\AT\Application Data\ACD Systems
2009-04-11 05:39 . 2009-04-11 05:39 -------- d-----w c:\program files\Common Files\ACD Systems
2009-04-11 05:39 . 2009-04-11 05:39 -------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-04-11 05:39 . 2009-04-11 05:39 -------- d-----w c:\program files\ACD Systems
2009-04-11 03:49 . 2009-04-11 03:49 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-04-11 02:54 . 2009-04-11 02:54 -------- d-----w c:\program files\Foxit Software
2009-04-11 02:54 . 2009-04-11 02:54 -------- d-----w c:\documents and settings\AT\Application Data\Foxit
2009-04-11 02:32 . 2009-04-11 02:31 -------- d-----w c:\documents and settings\AT\Application Data\Media Player Classic
2009-04-10 01:19 . 2009-04-10 01:19 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-04-10 01:04 . 2009-04-10 01:04 -------- d-----w c:\documents and settings\AT\Application Data\URSoft
2009-04-09 21:06 . 2009-04-09 21:06 355584 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-04-09 21:06 . 2009-04-09 21:06 -------- d-----w c:\documents and settings\AT\Application Data\TuneUp Software
2009-04-09 20:55 . 2009-04-09 20:55 -------- d-----w c:\program files\FlashFXP
2009-04-09 20:55 . 2009-04-09 20:55 -------- d-----w c:\documents and settings\All Users\Application Data\FlashFXP
2009-04-09 00:47 . 2008-01-29 14:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-09 00:01 . 2009-04-09 00:01 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-04-08 23:59 . 2009-04-08 23:59 -------- d-----w c:\documents and settings\AT\Application Data\Avant Profiles
.
------- Sigcheck -------
[7] 2004-08-03 21:55 654848 1E1CEF80A11BDAB92B2A83F885D214D5 c:\windows\ie8\wininet.dll
[-] 2009-01-14 23:05 902656 8A11276D3EA94AD90E75AC5856EB1B67 c:\windows\system32\wininet.dll
[-] 2009-01-14 23:05 902656 8A11276D3EA94AD90E75AC5856EB1B67 c:\windows\system32\dllcache\wininet.dll
[-] 2004-08-03 21:56 973312 A10B8A9309FEE2BF9EE6538693844D77 c:\windows\explorer.exe
[-] 2004-08-03 21:56 973312 A10B8A9309FEE2BF9EE6538693844D77 c:\windows\system32\dllcache\explorer.exe
[-] 2004-08-03 21:56 100352 FE6583E05057A70B96D83038544B22CD c:\windows\system32\wuauclt.exe
[-] 2004-08-03 21:56 100352 FE6583E05057A70B96D83038544B22CD c:\windows\system32\dllcache\wuauclt.exe
.
(((((((((((((((((((((((((((((   SnapShot_2009-05-13_13.09.19   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-30 18:46 . 2009-01-07 13:34 55296              c:\windows\system32\SupportAppXL\KillProcess.exe
+ 2009-05-30 18:46 . 2008-01-25 11:25 60416              c:\windows\system32\SupportAppXL\file_aut.exe
- 2001-09-19 12:00 . 2009-05-13 12:53 40326              c:\windows\system32\perfc009.dat
+ 2001-09-19 12:00 . 2009-06-03 04:54 40326              c:\windows\system32\perfc009.dat
+ 2009-05-16 12:10 . 2006-05-29 05:26 13312              c:\windows\system32\DRVSTORE\nmwcdm2k_1DF4D3C790F0E96AF6B05B76E7780D7770836172\nmwcdcm.sys
- 2009-05-13 10:22 . 2006-05-29 05:26 13312              c:\windows\system32\DRVSTORE\nmwcdm2k_1DF4D3C790F0E96AF6B05B76E7780D7770836172\nmwcdcm.sys
- 2009-05-13 10:22 . 2006-05-29 05:26 13312              c:\windows\system32\DRVSTORE\nmwcdcj_1DF4D3C790F0E96AF6B05B76E7780D7770836172\nmwcdcj.sys
+ 2009-05-16 12:10 . 2006-05-29 05:26 13312              c:\windows\system32\DRVSTORE\nmwcdcj_1DF4D3C790F0E96AF6B05B76E7780D7770836172\nmwcdcj.sys
+ 2009-05-16 12:10 . 2006-05-29 05:26 30720              c:\windows\system32\DRVSTORE\nmwcd_1DF4D3C790F0E96AF6B05B76E7780D7770836172\nmwcdcocls.dll
- 2009-05-13 10:22 . 2006-05-29 05:26 30720              c:\windows\system32\DRVSTORE\nmwcd_1DF4D3C790F0E96AF6B05B76E7780D7770836172\nmwcdcocls.dll
- 2009-05-13 10:22 . 2006-05-29 05:26 50688              c:\windows\system32\DRVSTORE\nmwcd_1DF4D3C790F0E96AF6B05B76E7780D7770836172\nmwcdcls.dll
+ 2009-05-16 12:10 . 2006-05-29 05:26 50688              c:\windows\system32\DRVSTORE\nmwcd_1DF4D3C790F0E96AF6B05B76E7780D7770836172\nmwcdcls.dll
+ 2009-05-16 12:10 . 2006-05-29 05:26 8704              c:\windows\system32\DRVSTORE\nmwcdc_1DF4D3C790F0E96AF6B05B76E7780D7770836172\nmwcdc.sys
- 2009-05-13 10:22 . 2006-05-29 05:26 8704              c:\windows\system32\DRVSTORE\nmwcdc_1DF4D3C790F0E96AF6B05B76E7780D7770836172\nmwcdc.sys
- 2009-05-13 10:22 . 2006-05-29 05:26 4608              c:\windows\system32\DRVSTORE\nmwcd_1DF4D3C790F0E96AF6B05B76E7780D7770836172\nmwcdlog.dll
+ 2009-05-16 12:10 . 2006-05-29 05:26 4608              c:\windows\system32\DRVSTORE\nmwcd_1DF4D3C790F0E96AF6B05B76E7780D7770836172\nmwcdlog.dll
+ 2002-10-15 22:54 . 2002-10-15 22:54 153088              c:\windows\system32\unrar.dll
+ 2009-05-30 18:46 . 2009-03-01 21:20 372736              c:\windows\system32\SupportAppXL\Setup\setup.exe
+ 2009-05-30 18:46 . 2007-04-19 03:06 535552              c:\windows\system32\SupportAppXL\Setup\ISSetup.dll
+ 2009-05-30 18:46 . 2007-04-27 19:06 156616              c:\windows\system32\SupportAppXL\Setup\_Setup.dll
+ 2009-05-30 18:46 . 2009-03-01 07:19 257536              c:\windows\system32\SupportAppXL\LangENG\lan_ENG.dll
+ 2009-05-30 18:46 . 2009-03-01 07:32 257024              c:\windows\system32\SupportAppXL\LangARA\lan_ARA.dll
- 2001-09-19 12:00 . 2009-05-13 12:53 311938              c:\windows\system32\perfh009.dat
+ 2001-09-19 12:00 . 2009-06-03 04:54 311938              c:\windows\system32\perfh009.dat
- 2009-05-13 10:22 . 2006-05-29 05:26 127488              c:\windows\system32\DRVSTORE\nmwcd_1DF4D3C790F0E96AF6B05B76E7780D7770836172\nmwcd.sys
+ 2009-05-16 12:10 . 2006-05-29 05:26 127488              c:\windows\system32\DRVSTORE\nmwcd_1DF4D3C790F0E96AF6B05B76E7780D7770836172\nmwcd.sys
+ 2006-06-20 12:44 . 2006-06-20 12:44 117560              c:\windows\Downloaded Program Files\PURen-us.dll
+ 2009-05-21 17:12 . 2007-01-09 05:30 110592              c:\windows\Downloaded Program Files\PURar-sa.dll
+ 2006-06-20 12:44 . 2006-06-20 12:44 379704              c:\windows\Downloaded Program Files\MsnPUpld.dll
+ 2009-05-30 18:46 . 2009-03-01 07:38 1452032              c:\windows\system32\SupportAppXL\ENG\WaitingForm.dll
+ 2009-05-30 18:46 . 2007-08-31 15:41 1412608              c:\windows\system32\SupportAppXL\cc3260.dll
+ 2009-05-30 18:46 . 2009-03-01 07:42 1452032              c:\windows\system32\SupportAppXL\ARA\WaitingForm.dll
+ 2009-05-30 18:46 . 2009-03-01 07:41 11107328              c:\windows\system32\SupportAppXL\ENG\Modem.exe
+ 2009-05-30 18:46 . 2009-03-01 09:10 11217920              c:\windows\system32\SupportAppXL\ARA\Modem.exe
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-28 68856]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-04-29 2799024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-09 206088]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2005-02-01 1469952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-08 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-06-21 77824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\AT\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-1-28 10950144]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\rundll32.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3560:TCP"= 3560:TCP:afnbbj
R2 fqakx;System Support;c:\windows\system32\svchost.exe [2004-08-03 14336]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-09 33808]
S2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe [2007-01-09 20539]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
fqakx
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE  .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f0ab72e-247e-11de-811a-00c09fff6fd1}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f0ab72f-247e-11de-811a-00c09fff6fd1}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f0ab736-247e-11de-811a-00c09fff6fd1}]
\Shell\AutoRun\command - WDSetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52fcc2f0-2494-11de-811b-00c09fff6fd1}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{619c2968-4399-11de-8165-222222222222}]
\Shell\AuToPlAy\commAnD - H:\usdr.exe
\Shell\AutoRun\command - H:\usdr.exe
\Shell\exPloRE\CoMmANd - H:\usdr.exe
\Shell\opeN\coMmAnd - H:\usdr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e11d020-431c-11de-8164-222222222222}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a35a904c-3f24-11de-8149-222222222222}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab0fe52e-2464-11de-87f1-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac441ed6-2457-11de-8117-00c09fff6fd1}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa31b643-245e-11de-8118-00c09fff6fd1}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa31b647-245e-11de-8118-00c09fff6fd1}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: "إضافة إلى حاجب الدعايات" - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\documents and settings\AT\Application Data\Mozilla\Firefox\Profiles\0j8845o3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\documents and settings\AT\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 07:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...  
scanning hidden autostart entries ... 
scanning hidden files ...  
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysql]
"ImagePath"="c:\appserv\MySQL\bin\mysqld-nt --defaults-file=c:\appserv\MySQL\my.ini mysql"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fqakx]
"ServiceDll"="c:\windows\system32\xaildh.dll"
.
Completion time: 2009-06-03  7:56
ComboFix-quarantined-files.txt  2009-06-03 04:56
ComboFix2.txt  2009-05-13 13:11
ComboFix3.txt  2009-04-19 22:16
Pre-Run: 12,384,174,080 bytes free
Post-Run: 12,401,500,160 bytes free
326
 
Delete the following:

O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe

O4 - HKCU..Run: [IDMan] C:Program FilesInternet Download ManagerIDMan.exe /onboot


O4 - Startup: RocketDock.lnk = C:WINDOWSBricoPacksVista Inspirat 2RocketDockRocketDock.exe



O4 - Global Startup: PalTalk.lnk = C:Program FilesPaltalk Messengerpaltalk.exe



O23 - Service: Apache2.2 - Apache Software Foundation - C:AppServApache2.2binhttpd.exe



O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe


How to delete on XP:















Then use these tools.



Download from here:









Compatibility: Windows XP only





How to use it:




When you run the tool's file, this screen appears. Wait (and follow along with the pictures).

















When this screen appears, click Close so that your machine restarts (to complete the cleaning process).







Then



Download the McAfee tool and scan your machine.

After that, post a HijackThis report.

 
Signature: format
Done, my friend, and here is the HijackThis report.

PHP:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:33  م , on 03/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\PROGRA~1\MOBILY~1\Modem.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\AT\سطح المكتب\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\AT\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\AT\Application Data\CyberScrub\Privacy Suite" 
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: "إضافة إلى حاجب الدعايات" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F335DFA2-61C9-4BD9-BA06-2EF26D8BBBD4}: NameServer = 84.23.101.84 84.23.101.85
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 6485 bytes
 
The reports are clean, God bless you.
Brother format got the values wrong,
because the code block that holds the report changes its values!!
 



Aha, honestly that is new information to me ^_^

And sorry for the mistake.

And thanks, Max.

 
Signature: format
Brother, make a HijackThis report again without putting it in a code block.
 
Signature: king_man