تقرير هايجاك جهازي يعلللق

خ

خال ولد خال

زيزوومي نشيط
إنضم
9 يونيو 2008
المشاركات
181
مستوى التفاعل
0
النقاط
230
غير متصل
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:35:41 AM, on 17/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\program files\relevantknowledge\rlvknlg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\xpp\Application Data\Thinstall\TuneUp Utilities 2009\4000008c00002i\RegistryCleaner.exe
C:\Documents and Settings\xpp\Application Data\Thinstall\TuneUp Utilities 2009\4000008c00002i\RegistryCleaner.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Uniblue\DiskRescue\UBDiskRescue.exe
C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [UniblueSpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe -minimize
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O9 - Extra button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: Uniblue DiskRescue - Uniblue - C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
--
End of file - 4287 bytes
 

ترتيب حسب التاريخ ترتيب حسب الأصوات
قم بحذف التالى
C:\program files\relevantknowledge\rlvknlg.exe

O4 - HKLM\..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot
+
إذا عندك برنامج باسم relevantknowledge قم بحذفه
+
راجع
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

 
تأييد 0
من بعد اذنك اخوي ugugx

عطل برنامج الحمايه لديك

حمل الاداه
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes


اثناء الفحص ممكن يعاد تشغيل الجهاز


وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى
 
تأييد 0
تقرير ComboFix 09-06-16.05 - xpp 17/06/2009 9:50.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.974.1033.18.1015.523 [GMT -7:00]
Running from: c:\documents and settings\xpp\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\rlvknlg.exe
.
((((((((((((((((((((((((( Files Created from 2009-05-17 to 2009-06-17 )))))))))))))))))))))))))))))))
.
2009-06-17 16:30 . 2009-06-17 16:30 -------- d-----w- c:\program files\Golden Bow
2009-06-17 16:12 . 2008-12-22 08:23 2567629 -c----w- c:\documents and settings\All Users\Application Data\~1\Uniblue RegistryBooster.exe
2009-06-17 16:11 . 2009-06-17 16:47 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~1
2009-06-17 16:10 . 2009-06-17 16:13 -------- d-----w- c:\documents and settings\xpp\Application Data\Uniblue
2009-06-17 16:10 . 2008-12-22 08:12 2644135 -c----w- c:\documents and settings\All Users\Application Data\~0\Uniblue DiskRescue.exe
2009-06-17 16:10 . 2009-06-17 16:47 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2009-06-17 15:55 . 2009-06-17 15:55 7680 ----a-w- c:\documents and settings\xpp\Application Data\Thinstall\TuneUp Utilities 2009\4000005b00002i\TuneUpDefragService.exe
2009-06-17 15:55 . 2009-06-17 16:00 361216 ----a-w- c:\documents and settings\xpp\Application Data\Thinstall\TuneUp Utilities 2009\%SystemSystem%\TuneUpDefragService.exe
2009-06-17 15:54 . 2009-06-17 15:54 7680 ----a-w- c:\documents and settings\xpp\Application Data\Thinstall\TuneUp Utilities 2009\4000008c00002i\RegistryCleaner.exe
2009-06-17 15:53 . 2009-06-17 15:53 7680 ----a-w- c:\documents and settings\xpp\Application Data\Thinstall\TuneUp Utilities 2009\4000009d00002i\OneClick.exe
2009-06-17 15:53 . 2009-06-17 15:53 7680 ----a-w- c:\documents and settings\xpp\Application Data\Thinstall\TuneUp Utilities 2009\4000007b00002i\DiskExplorer.exe
2009-06-17 15:50 . 2009-06-17 15:50 7680 ----a-w- c:\documents and settings\xpp\Application Data\Thinstall\TuneUp Utilities 2009\400000ec00002i\SpeedOptimizer.exe
2009-06-17 15:46 . 2009-06-17 15:46 -------- d-s---w- c:\documents and settings\xpp\UserData
2009-06-17 14:50 . 2000-07-15 06:00 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-06-17 14:47 . 2009-06-17 14:47 7680 ----a-w- c:\documents and settings\xpp\Application Data\Thinstall\TuneUp Utilities 2009\40000015b00002i\Integrator.exe
2009-06-17 14:47 . 2009-06-17 14:47 7680 ----a-w- c:\documents and settings\xpp\Application Data\Thinstall\TuneUp Utilities 2009\4000003f00002i\UpdateWizard.exe
2009-06-17 14:47 . 2009-06-17 14:47 7680 ----a-w- c:\documents and settings\xpp\Application Data\Thinstall\TuneUp Utilities 2009\4000009700002i\TUProgSt.exe
2009-06-17 14:47 . 2009-06-17 14:47 -------- d-----w- c:\documents and settings\xpp\Local Settings\Application Data\Thinstall
2009-06-17 14:47 . 2009-06-17 14:47 -------- d-----w- c:\documents and settings\xpp\Application Data\Thinstall
2009-06-17 14:34 . 2009-06-17 14:34 -------- d-----w- c:\documents and settings\xpp\Application Data\IObit
2009-06-15 22:36 . 2009-06-15 22:36 -------- d-----w- c:\program files\Internet Download Manager
2009-06-15 13:39 . 2009-06-15 13:39 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-15 13:39 . 2009-06-15 13:39 -------- d-----w- c:\program files\MSBuild
2009-06-15 13:38 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-15 13:38 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-06-15 13:38 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-15 13:38 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-06-15 13:38 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-06-15 13:38 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-06-15 13:38 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-15 13:32 . 2009-06-15 13:55 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-15 13:32 . 2009-06-15 13:32 -------- d-----w- c:\windows\system32\GroupPolicy
2009-06-15 13:31 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-06-15 13:31 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-06-15 13:31 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-06-15 13:31 . 2009-06-15 13:31 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-15 13:29 . 2009-06-15 13:30 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-06-15 13:28 . 2009-06-15 13:28 -------- d-----w- c:\windows\system32\URTTEMP
2009-06-15 13:06 . 2009-06-15 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcaBit
2009-06-15 13:04 . 2009-06-15 13:04 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\ArcaBit
2009-06-15 13:04 . 2009-06-15 13:04 -------- d-----w- c:\documents and settings\NetworkService\Application Data\ArcaBit
2009-06-15 13:02 . 2009-06-15 13:51 -------- d-----w- c:\program files\ArcaBit
2009-06-15 12:29 . 2009-06-16 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-06-14 23:51 . 2009-06-14 23:51 -------- d-----w- c:\program files\Windows Live
2009-06-14 23:51 . 2009-06-14 23:51 -------- d-----w- c:\program files\Messenger Plus! Live
2009-06-14 23:05 . 2008-04-14 00:12 32866 -c--a-w- c:\windows\system32\dllcache\slrundll.exe
2009-06-14 23:05 . 2008-04-14 00:12 32866 ----a-w- c:\windows\slrundll.exe
2009-06-14 22:56 . 2009-06-14 22:56 -------- d-----w- c:\program files\CCleaner
2009-06-13 13:35 . 2009-06-13 15:48 -------- d-----w- c:\program files\Trojan Remover
2009-06-13 11:52 . 2009-06-13 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-06-10 14:23 . 2009-06-13 15:46 -------- d-----w- c:\program files\Conduit
2009-06-10 14:23 . 2009-06-13 15:46 -------- d-----w- c:\program files\Hotspot_Shield
2009-06-10 14:06 . 2009-06-10 14:06 -------- d-----w- c:\program files\temp
2009-06-08 21:01 . 2009-06-08 21:01 90112 ----a-w- c:\windows\system32\agsaami.dll
2009-06-08 21:01 . 2009-06-08 21:01 610304 ----a-w- c:\windows\system32\agsaamg.dll
2009-06-08 21:01 . 2009-06-08 21:01 372736 ----a-w- c:\windows\system32\agsaamc.dll
2009-06-08 21:01 . 2009-06-08 21:01 2535424 ----a-w- c:\windows\system32\agsaamj.dll
2009-06-08 21:01 . 2009-06-08 21:01 1986560 ----a-w- c:\windows\system32\akll.dll
2009-06-08 21:01 . 2009-06-08 21:01 196608 ----a-w- c:\windows\system32\maag.dll
2009-06-08 21:01 . 2009-06-08 21:01 1245184 ----a-w- c:\windows\system32\bkll.dll
2009-06-08 21:01 . 2009-06-08 21:01 1212416 ----a-w- c:\windows\system32\ckll.dll
2009-06-08 21:01 . 2003-08-07 22:01 237568 ----a-w- c:\windows\system32\lame_enc.dll
2009-06-08 21:01 . 2009-06-08 21:01 -------- d-----w- c:\windows\system32\RMBin
2009-06-08 20:56 . 2009-06-08 20:56 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-07 21:59 . 2008-06-01 10:00 75008 ----a-w- c:\windows\system32\drivers\sscvf.sys
2009-06-07 21:59 . 2008-06-01 10:00 41472 ----a-w- c:\windows\system32\vfcfg.exe
2009-06-07 21:59 . 2008-06-01 10:00 110676 ----a-w- c:\windows\system32\vfcfgsh.dll
2009-06-07 21:33 . 2009-06-13 15:45 -------- d-----w- c:\program files\jv16 PowerTools 2008
2009-06-07 21:21 . 2009-06-07 21:21 17119 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-07 21:21 . 2009-06-14 23:05 -------- d-----w- c:\program files\Linksys Wireless-G PCI Wireless Network Monitor
2009-06-07 21:12 . 2009-06-07 21:12 -------- d-----w- C:\Linksys Driver
2009-06-07 20:39 . 2009-06-07 20:39 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-07 20:39 . 2009-06-07 20:39 -------- d-----w- c:\windows\system32\KB905474
2009-06-07 12:22 . 2009-06-07 12:22 -------- d-----w- c:\program files\Diskeeper Corporation
2009-06-07 11:00 . 2009-06-07 11:36 -------- d-----w- c:\windows\BDOSCAN8
2009-06-07 10:03 . 2009-03-11 05:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-06-07 10:03 . 2009-03-11 05:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-06-06 22:43 . 2009-06-07 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-06 22:42 . 2009-06-07 12:19 -------- d-----w- c:\program files\Lavasoft
2009-06-04 16:04 . 2002-12-10 16:11 6852 ----a-w- c:\windows\system32\drivers\Vcs.sys
2009-06-04 10:09 . 2009-06-04 13:41 -------- d-----w- c:\program files\Common Files\Filseclab
2009-06-04 10:09 . 2009-06-04 10:09 -------- d-----w- c:\program files\Filseclab
2009-06-03 11:15 . 2009-06-16 11:24 -------- d-----w- c:\program files\Hotspot Shield
2009-06-03 09:46 . 2009-06-04 21:59 -------- d-----w- c:\program files\GRETECH
2009-06-02 20:49 . 2009-06-02 20:49 -------- d-----w- c:\windows\system32\IOSUBSYS
2009-06-02 15:30 . 2009-06-02 15:30 -------- d-----w- c:\program files\Common Files\delet
2009-06-02 14:50 . 2009-06-02 14:50 -------- d-----w- c:\program files\Trend Micro
2009-06-02 13:26 . 2009-06-02 15:06 -------- d-----w- c:\program files\Spyware Terminator
2009-06-02 09:26 . 2009-06-14 22:54 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-02 09:20 . 2009-06-10 14:19 -------- d-----w- c:\program files\WinASO
2009-06-02 09:11 . 2009-06-02 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-06-02 09:11 . 2009-06-14 22:57 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-02 07:55 . 2009-06-02 07:55 -------- d-----w- c:\program files\SuperSpeed
2009-06-01 21:44 . 2009-06-17 16:47 -------- d-----w- c:\program files\Uniblue
2009-06-01 21:38 . 2009-06-01 21:38 -------- d-----w- c:\program files\Reference Assemblies
2009-06-01 21:33 . 2009-06-01 21:33 -------- d--h--r- C:\AHCache
2009-06-01 20:30 . 2009-06-01 20:30 53760 ----a-w- c:\windows\system\ppacklib.dll
2009-06-01 20:30 . 2009-06-01 20:30 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2009-06-01 20:30 . 2002-01-05 18:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-06-01 20:30 . 2002-01-05 12:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-06-01 20:30 . 2002-01-05 13:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-06-01 09:13 . 2009-06-01 09:21 192 ---ha-w- c:\windows\winshell.dat
2009-06-01 09:12 . 2009-06-01 11:06 -------- d-----w- c:\program files\Dachshund Software
2009-06-01 08:10 . 2009-06-01 08:10 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-01 08:10 . 2009-06-01 08:10 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-01 08:10 . 2009-06-08 20:56 -------- d-----w- c:\program files\Common Files\Real
2009-06-01 08:10 . 2009-06-08 20:56 -------- d-----w- c:\program files\Real
2009-06-01 08:04 . 2009-06-01 08:04 -------- d-----w- c:\windows\Sun
2009-05-31 21:07 . 2009-05-31 21:06 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-31 21:06 . 2009-05-31 21:06 -------- d-----w- c:\program files\Java
2009-05-31 20:13 . 2009-06-13 16:11 -------- d-----w- c:\program files\IObit
2009-05-31 14:41 . 2009-05-31 14:41 -------- d-----w- c:\windows\system32\scripting
2009-05-31 14:41 . 2009-05-31 14:41 -------- d-----w- c:\windows\system32\en
2009-05-31 14:41 . 2009-05-31 14:41 -------- d-----w- c:\windows\l2schemas
2009-05-31 14:41 . 2009-05-31 14:41 -------- d-----w- c:\windows\system32\bits
2009-05-31 14:39 . 2009-05-31 14:39 -------- d-----w- c:\windows\ServicePackFiles
2009-05-31 14:28 . 2004-08-04 05:29 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2009-05-31 14:28 . 2004-08-04 05:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2009-05-31 14:28 . 2004-08-04 05:29 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2009-05-31 14:28 . 2004-08-04 05:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2009-05-31 14:28 . 2004-08-04 05:29 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
2009-05-31 14:28 . 2004-08-04 05:29 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
2009-05-31 14:26 . 2004-08-04 05:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-05-31 13:55 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-05-31 13:48 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-17 16:13 . 2009-06-17 16:12 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
2009-06-17 14:55 . 2009-06-17 14:50 685056 ----a-w- c:\windows\isRS-000.tmp
2009-06-17 14:28 . 2009-06-17 14:28 28104 ----a-w- c:\documents and settings\xpp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-15 12:32 . 2009-05-05 23:41 -------- d-----w- c:\program files\MSN Messenger
2009-06-08 11:10 . 2009-05-06 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-07 21:59 . 2009-05-06 07:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-01 11:07 . 2009-05-05 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-05-31 20:29 . 2009-05-05 18:35 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-05-31 14:42 . 2009-05-05 18:24 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-30 13:44 . 2009-05-05 18:32 -------- d-----w- c:\program files\VideoLAN
2009-05-25 08:55 . 2009-06-17 16:13 2838454 -c--a-w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\speedupmypc2009.exe
2009-05-07 15:32 . 2004-08-04 07:56 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 07:20 . 2009-05-06 07:20 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-06 00:55 . 2009-05-06 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-05 23:45 . 2009-05-05 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-05-05 18:35 . 2009-05-05 18:35 172032 ------w- c:\windows\Setup1.exe
2009-05-05 18:35 . 2009-05-05 18:35 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-05 18:34 . 2009-05-05 18:34 2232 ----a-w- c:\windows\java\Packages\Data\NXFPNNZR.DAT
2009-05-05 18:34 . 2009-05-05 18:34 155995 ----a-w- c:\windows\java\Packages\OZLJ3VL3.ZIP
2009-05-05 18:34 . 2009-05-05 18:34 2678 ----a-w- c:\windows\java\Packages\Data\ZD3LZ9FH.DAT
2009-05-05 18:33 . 2009-05-05 18:33 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-05 18:25 . 2009-05-05 18:25 -------- d-----w- c:\program files\microsoft frontpage
2009-05-05 18:22 . 2009-05-05 18:22 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-04-29 09:45 . 2009-06-17 16:13 845128 -c--a-w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\58D97068\B74607BA\System.Data.SQLite.dll
2009-04-29 09:45 . 2009-06-17 16:13 771368 -c--a-w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\9966075F\B74607BA\UBSysMan.dll
2009-04-29 09:45 . 2009-06-17 16:13 519168 -c--a-w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\78B94F67\B74607BA\IsLicense40.dll
2009-04-29 09:45 . 2009-06-17 16:13 395048 -c--a-w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\C77843B\B74607BA\SUMPBackend.dll
2009-04-29 09:45 . 2009-06-17 16:13 236840 -c--a-w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\683B013A\B74607BA\PowerSuiteBackendUtils.dll
2009-04-29 09:45 . 2009-06-17 16:13 614696 -c--a-w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\7AEFAE8C\B74607BA\Launcher.exe
2009-04-29 09:45 . 2009-06-17 16:13 54608 -c--a-w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\D720648F\B74607BA\Interop.IWshRuntimeLibrary.dll
2009-04-29 09:45 . 2009-06-17 16:13 474408 -c--a-w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\62A3297F\B74607BA\AvalonCommon.dll
2009-04-29 09:45 . 2009-06-17 16:13 345008 -c--a-w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\4BF757A\B74607BA\IsLicense30.dll
2009-04-29 09:45 . 2009-06-17 16:13 197968 -c--a-w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\6A0591D6\B74607BA\ICSharpCode.SharpZipLib.dll
2009-04-29 09:45 . 2009-06-17 16:13 1250600 -c--a-w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\SpeedUpMyPC2009\B430549D\B74607BA\SUMP.exe
2009-04-29 04:46 . 2004-08-04 07:56 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2004-08-04 07:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-08-04 06:17 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 07:56 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-24 23:08 . 2009-05-06 00:56 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-15_17.12.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-17 14:58 . 2009-06-17 14:58 16384 c:\windows\temp\Perflib_Perfdata_2b0.dat
+ 2009-06-01 08:14 . 2009-06-17 16:17 89102 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2009-06-01 08:14 . 2009-06-02 11:55 89102 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2004-08-04 07:56 . 2007-06-12 06:51 10834944 c:\windows\system32\wmp.dll
+ 2004-08-04 07:56 . 2007-06-12 06:51 10834944 c:\windows\system32\dllcache\wmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"UniblueSpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe" [2009-04-29 614696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-08 185896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50001:TCP"= 50001:TCP:ArcaVir CommunicationPort (S)
"50000:TCP"= 50000:TCP:ArcaVir CommunicationPort (A)
R0 SscVF;SscVF;c:\windows\system32\drivers\sscvf.sys [07/06/2009 02:59 PM 75008]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [04/06/2009 09:04 AM 6852]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: {{40525A66-DB98-480D-BCF9-7AF88C1AF438} - {40525A66-DB98-480D-BCF9-7AF88C1AF438} -
DPF: Microsoft XML Parser for Java
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-06-17 09:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-06-17 9:54
ComboFix-quarantined-files.txt 2009-06-17 16:54
ComboFix2.txt 2009-06-15 17:14
Pre-Run: 35,930,451,968 bytes free
Post-Run: 35,933,491,200 bytes free
251 --- E O F --- 2009-06-15 14:39
 
تأييد 0
تقرير هايجاك جديد الله يعافيك
 
تأييد 0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:58:07 AM, on 17/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\xpp\Application Data\Thinstall\TuneUp Utilities 2009\4000008c00002i\RegistryCleaner.exe
C:\Documents and Settings\xpp\Application Data\Thinstall\TuneUp Utilities 2009\4000008c00002i\RegistryCleaner.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [UniblueSpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe -minimize
O9 - Extra button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
--
End of file - 3718 bytes
 
تأييد 0
احذف القيم التاليه من الهايجاك

O9 - Extra 'Tools' menuitem: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\WINDOWS\system32\shdocvw.dll


O9 - Extra button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\WINDOWS\system32\shdocvw.dll


ثم استخدم البرنامج التالي

i17825_11.png



** بعد الضغط على تنظيف انتظر قليلاً .... حتى تظهر لك رساله بأنتهاء التنظيف ... انظر الصوره ..

i17826_2.png



حط صح على الاخير

ثم تنظيف

رابط التحميل

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
 
تأييد 0
وبعدها عطنى النتائج معك ان شاء الله عقل جهازك :d:
 
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى