تقريري بالهيجاك ارجو تحليله؟

  • بادئ الموضوع بادئ الموضوع Knight Lord
  • تاريخ البدء تاريخ البدء
  • المشاهدات 929
K

Knight Lord

زيزوومى محترف
إنضم
1 مارس 2008
المشاركات
4,623
مستوى التفاعل
33
النقاط
830
الإقامة
KSA
غير متصل
بسم الله وعلى بركه الله
.
--------------------------\\\ Start Report Of HijackThis ---------------
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:25:54 م, on 10/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\user\LOCALS~1\Temp\bntoz\runn.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\user\LOCALS~1\Temp\bntoz\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [AFProg] C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan ) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {8C159DFD-DC9C-4077-B3B6-114A8D64B6D2} (UserAuthenticate Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe

--
End of file - 7141 bytes
.
.
--------------------------\\\ End Report Of Of HijackThis ---------------
.
.
.
.
--------------------------\\\ Start Report Of Running Processes ---------------
.
==================================================
Process Name : smss.exe
ProcessID : 828
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Windows NT Session Manager
Company : Microsoft Corporation
Window Title :
File Size : 50,688
File Created Date : 17/06/1425 09:56:30 م
File Modified Date : 08/04/1429 04:00:03 م
Filename : C:\WINDOWS\System32\smss.exe
Base Address : 0x48580000
Created On : 04/05/1429 09:38:04 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 844 K
Mem Usage Peak : 1160 K
Page Faults : 471
Pagefile Usage : 616 K
Pagefile Peak Usage : 2116 K
File Attributes : A
==================================================

==================================================
Process Name : csrss.exe
ProcessID : 876
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Client Server Runtime Process
Company : Microsoft Corporation
Window Title :
File Size : 6,144
File Created Date : 17/06/1425 09:56:08 م
File Modified Date : 08/04/1429 03:59:49 م
Filename : C:\WINDOWS\system32\csrss.exe
Base Address : 0x4A680000
Created On : 04/05/1429 09:38:29 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4240 K
Mem Usage Peak : 5356 K
Page Faults : 22991
Pagefile Usage : 2004 K
Pagefile Peak Usage : 2020 K
File Attributes : A
==================================================

==================================================
Process Name : winlogon.exe
ProcessID : 908
Priority : High
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2113)
Description : Windows NT Logon Application
Company : Microsoft Corporation
Window Title :
File Size : 506,880
File Created Date : 17/06/1425 09:56:36 م
File Modified Date : 08/04/1429 04:00:06 م
Filename : C:\WINDOWS\system32\winlogon.exe
Base Address : 0x01000000
Created On : 04/05/1429 09:38:30 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2388 K
Mem Usage Peak : 14816 K
Page Faults : 20466
Pagefile Usage : 7716 K
Pagefile Peak Usage : 8996 K
File Attributes : A
==================================================

==================================================
Process Name : services.exe
ProcessID : 952
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : ‎‎Services and Controller app
Company : Microsoft Corporation
Window Title :
File Size : 108,544
File Created Date : 17/06/1425 09:56:30 م
File Modified Date : 08/04/1429 04:00:02 م
Filename : C:\WINDOWS\system32\services.exe
Base Address : 0x01000000
Created On : 04/05/1429 09:38:32 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 3436 K
Mem Usage Peak : 3476 K
Page Faults : 1461
Pagefile Usage : 1744 K
Pagefile Peak Usage : 1876 K
File Attributes : A
==================================================

==================================================
Process Name : lsass.exe
ProcessID : 964
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2113)
Description : LSA Shell (Export Version)
Company : Microsoft Corporation
Window Title :
File Size : 13,312
File Created Date : 17/06/1425 09:56:18 م
File Modified Date : 08/04/1429 03:59:55 م
Filename : C:\WINDOWS\system32\lsass.exe
Base Address : 0x01000000
Created On : 04/05/1429 09:38:33 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1552 K
Mem Usage Peak : 6332 K
Page Faults : 53621
Pagefile Usage : 3300 K
Pagefile Peak Usage : 3912 K
File Attributes : A
==================================================

==================================================
Process Name : svchost.exe
ProcessID : 1140
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 17/06/1425 09:56:32 م
File Modified Date : 08/04/1429 04:00:03 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 04/05/1429 09:38:35 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 5016 K
Mem Usage Peak : 5068 K
Page Faults : 1735
Pagefile Usage : 3076 K
Pagefile Peak Usage : 23216 K
File Attributes : A
==================================================

==================================================
Process Name : svchost.exe
ProcessID : 1208
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 17/06/1425 09:56:32 م
File Modified Date : 08/04/1429 04:00:03 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 04/05/1429 09:38:36 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 4392 K
Mem Usage Peak : 4400 K
Page Faults : 1302
Pagefile Usage : 1920 K
Pagefile Peak Usage : 1944 K
File Attributes : A
==================================================

==================================================
Process Name : svchost.exe
ProcessID : 1356
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 17/06/1425 09:56:32 م
File Modified Date : 08/04/1429 04:00:03 م
Filename : C:\WINDOWS\System32\svchost.exe
Base Address : 0x01000000
Created On : 04/05/1429 09:38:36 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 33128 K
Mem Usage Peak : 132068 K
Page Faults : 7871594
Pagefile Usage : 21112 K
Pagefile Peak Usage : 122280 K
File Attributes : A
==================================================

==================================================
Process Name : svchost.exe
ProcessID : 1608
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 17/06/1425 09:56:32 م
File Modified Date : 08/04/1429 04:00:03 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 04/05/1429 09:38:37 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 3832 K
Mem Usage Peak : 3840 K
Page Faults : 1005
Pagefile Usage : 1500 K
Pagefile Peak Usage : 1524 K
File Attributes : A
==================================================

==================================================
Process Name : spoolsv.exe
ProcessID : 1844
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-0852)
Description : Spooler SubSystem App
Company : Microsoft Corporation
Window Title :
File Size : 57,856
File Created Date : 17/06/1425 09:56:32 م
File Modified Date : 08/04/1429 04:00:03 م
Filename : C:\WINDOWS\system32\spoolsv.exe
Base Address : 0x01000000
Created On : 04/05/1429 09:38:40 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4944 K
Mem Usage Peak : 5868 K
Page Faults : 1885
Pagefile Usage : 3256 K
Pagefile Peak Usage : 4088 K
File Attributes : A
==================================================

==================================================
Process Name : agrsmsvc.exe
ProcessID : 1880
Priority : Normal
Product Name : Agere Soft Modem Call Progress Service
Version : 1.0.0.4
Description : Agere Soft Modem Call Progress Service
Company : Agere Systems
Window Title :
File Size : 9,216
File Created Date : 15/08/1428 06:59:30 م
File Modified Date : 11/07/1428 03:08:42 م
Filename : C:\WINDOWS\system32\agrsmsvc.exe
Base Address : 0x01000000
Created On : 04/05/1429 09:38:40 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1368 K
Mem Usage Peak : 1368 K
Page Faults : 342
Pagefile Usage : 464 K
Pagefile Peak Usage : 464 K
File Attributes : A
==================================================

==================================================
Process Name : svchost.exe
ProcessID : 1896
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 17/06/1425 09:56:32 م
File Modified Date : 08/04/1429 04:00:03 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 04/05/1429 09:38:40 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 3200 K
Mem Usage Peak : 3200 K
Page Faults : 847
Pagefile Usage : 2168 K
Pagefile Peak Usage : 2192 K
File Attributes : A
==================================================

==================================================
Process Name : ekrn.exe
ProcessID : 1932
Priority : Normal
Product Name : ESET Smart Security
Version : 3.0.650
Description : Eset Service
Company : ESET
Window Title :
File Size : 472,320
File Created Date : 06/03/1429 01:49:56 م
File Modified Date : 06/03/1429 01:49:56 م
Filename : C:\Program Files\ESET\ESET Smart Security\ekrn.exe
Base Address : 0x00400000
Created On : 04/05/1429 09:38:40 م
Visible Windows : 0
Hidden Windows : 3
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 35776 K
Mem Usage Peak : 59772 K
Page Faults : 2732997
Pagefile Usage : 32344 K
Pagefile Peak Usage : 93620 K
File Attributes : A
==================================================

==================================================
Process Name : openvpnas.exe
ProcessID : 1960
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 49,664
File Created Date : 27/11/1427 03:08:10 ص
File Modified Date : 27/11/1427 03:08:10 ص
Filename : C:\Program Files\Hotspot Shield\bin\openvpnas.exe
Base Address : 0x00400000
Created On : 04/05/1429 09:38:41 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2000 K
Mem Usage Peak : 2000 K
Page Faults : 508
Pagefile Usage : 592 K
Pagefile Peak Usage : 592 K
File Attributes : A
==================================================

==================================================
Process Name : MDM.EXE
ProcessID : 2000
Priority : Normal
Product Name : Microsoft® Visual Studio .NET
Version : 7.00.9466
Description : Machine Debug Manager
Company : Microsoft Corporation
Window Title :
File Size : 322,120
File Created Date : 19/04/1424 08:25:00 م
File Modified Date : 19/04/1424 08:25:00 م
Filename : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Base Address : 0x00400000
Created On : 04/05/1429 09:38:41 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2884 K
Mem Usage Peak : 2892 K
Page Faults : 776
Pagefile Usage : 984 K
Pagefile Peak Usage : 996 K
File Attributes : A
==================================================

==================================================
Process Name : Explorer.EXE
ProcessID : 1264
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.5512 (xpsp.080413-2105)
Description : Windows Explorer
Company : Microsoft Corporation
Window Title : Program Manager
File Size : 1,031,168
File Created Date : 17/06/1425 09:56:12 م
File Modified Date : 08/04/1429 03:59:52 م
Filename : C:\WINDOWS\Explorer.EXE
Base Address : 0x01000000
Created On : 04/05/1429 09:38:48 م
Visible Windows : 2
Hidden Windows : 37
User Name : USER-5D7192678A\user
Mem Usage : 25812 K
Mem Usage Peak : 44768 K
Page Faults : 488888
Pagefile Usage : 29580 K
Pagefile Peak Usage : 42328 K
File Attributes : A
==================================================

==================================================
Process Name : realsched.exe
ProcessID : 632
Priority : Normal
Product Name : RealPlayer (32-bit)
Version : 0.1.1.45
Description : RealNetworks Scheduler
Company : RealNetworks, Inc.
Window Title :
File Size : 185,896
File Created Date : 09/03/1428 01:49:23 م
File Modified Date : 07/04/1429 04:33:39 م
Filename : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Base Address : 0x00400000
Created On : 04/05/1429 09:38:55 م
Visible Windows : 0
Hidden Windows : 2
User Name : USER-5D7192678A\user
Mem Usage : 204 K
Mem Usage Peak : 2884 K
Page Faults : 40999
Pagefile Usage : 1040 K
Pagefile Peak Usage : 1232 K
File Attributes : A
==================================================

==================================================
Process Name : egui.exe
ProcessID : 724
Priority : Normal
Product Name : ESET Smart Security
Version : 3.0.650
Description : Eset GUI
Company : ESET
Window Title :
File Size : 1,443,072
File Created Date : 06/03/1429 01:48:30 م
File Modified Date : 06/03/1429 01:48:30 م
Filename : C:\Program Files\ESET\ESET Smart Security\egui.exe
Base Address : 0x00400000
Created On : 04/05/1429 09:38:57 م
Visible Windows : 0
Hidden Windows : 4
User Name : USER-5D7192678A\user
Mem Usage : 3644 K
Mem Usage Peak : 8764 K
Page Faults : 34212
Pagefile Usage : 4824 K
Pagefile Peak Usage : 6296 K
File Attributes : A
==================================================

==================================================
Process Name : ctfmon.exe
ProcessID : 708
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2105)
Description : CTF Loader
Company : Microsoft Corporation
Window Title :
File Size : 15,360
File Created Date : 17/06/1425 09:56:08 م
File Modified Date : 08/04/1429 03:59:49 م
Filename : C:\WINDOWS\system32\ctfmon.exe
Base Address : 0x00400000
Created On : 04/05/1429 09:38:58 م
Visible Windows : 0
Hidden Windows : 5
User Name : USER-5D7192678A\user
Mem Usage : 3556 K
Mem Usage Peak : 3560 K
Page Faults : 1114
Pagefile Usage : 984 K
Pagefile Peak Usage : 992 K
File Attributes : A
==================================================

==================================================
Process Name : msnmsgr.exe
ProcessID : 732
Priority : Normal
Product Name : Messenger
Version : 8.5.1302.1018
Description : Windows Live Messenger
Company : Microsoft Corporation
Window Title :
File Size : 5,724,184
File Created Date : 07/10/1428 08:34:42 ص
File Modified Date : 07/10/1428 08:34:42 ص
Filename : C:\Program Files\Windows Live\Messenger\msnmsgr.exe
Base Address : 0x00400000
Created On : 04/05/1429 09:38:58 م
Visible Windows : 1
Hidden Windows : 54
User Name : USER-5D7192678A\user
Mem Usage : 5120 K
Mem Usage Peak : 64504 K
Page Faults : 2043521
Pagefile Usage : 60212 K
Pagefile Peak Usage : 84152 K
File Attributes : A
==================================================

==================================================
Process Name : IDMan.exe
ProcessID : 772
Priority : Normal
Product Name : Internet Download Manager (IDM)
Version : 5.12.4.0
Description : Internet Download Manager (IDM)
Company : Tonec Inc.
Window Title :
File Size : 2,577,840
File Created Date : 13/02/1429 02:06:38 م
File Modified Date : 02/01/1429 07:59:06 م
Filename : C:\Program Files\Internet Download Manager\IDMan.exe
Base Address : 0x00400000
Created On : 04/05/1429 09:39:00 م
Visible Windows : 0
Hidden Windows : 7
User Name : USER-5D7192678A\user
Mem Usage : 9924 K
Mem Usage Peak : 13576 K
Page Faults : 13346
Pagefile Usage : 6928 K
Pagefile Peak Usage : 7172 K
File Attributes : A
==================================================

==================================================
Process Name : AFController.exe
ProcessID : 1416
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 118,784
File Created Date : 30/05/1427 02:26:24 ص
File Modified Date : 30/05/1427 02:26:24 ص
Filename : C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
Base Address : 0x00400000
Created On : 04/05/1429 09:39:04 م
Visible Windows : 0
Hidden Windows : 2
User Name : USER-5D7192678A\user
Mem Usage : 3288 K
Mem Usage Peak : 3420 K
Page Faults : 924
Pagefile Usage : 1256 K
Pagefile Peak Usage : 1272 K
File Attributes : A
==================================================

==================================================
Process Name : IEMonitor.exe
ProcessID : 260
Priority : Normal
Product Name : IEMonitor Application
Version : 5, 12, 8, 0
Description : Internet Download Manager agent for click monitoring in IE-based browsers
Company : Tonec Inc.
Window Title :
File Size : 251,312
File Created Date : 13/02/1429 02:04:02 م
File Modified Date : 11/02/1429 01:01:01 م
Filename : C:\Program Files\Internet Download Manager\IEMonitor.exe
Base Address : 0x00400000
Created On : 04/05/1429 09:39:09 م
Visible Windows : 0
Hidden Windows : 3
User Name : USER-5D7192678A\user
Mem Usage : 5196 K
Mem Usage Peak : 5212 K
Page Faults : 1866
Pagefile Usage : 1552 K
Pagefile Peak Usage : 1576 K
File Attributes : A
==================================================

==================================================
Process Name : iexplore.exe
ProcessID : 2108
Priority : Normal
Product Name : Windows® Internet Explorer
Version : 7.00.6000.16640 (vista_gdr.080213-1606)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title :
File Size : 625,664
File Created Date : 20/03/1429 08:52:02 ص
File Modified Date : 22/02/1429 08:54:19 ص
Filename : C:\Program Files\Internet Explorer\iexplore.exe
Base Address : 0x00400000
Created On : 04/05/1429 09:39:20 م
Visible Windows : 0
Hidden Windows : 20
User Name : USER-5D7192678A\user
Mem Usage : 32984 K
Mem Usage Peak : 59252 K
Page Faults : 294924
Pagefile Usage : 43624 K
Pagefile Peak Usage : 86300 K
File Attributes : A
==================================================

==================================================
Process Name : rsvp.exe
ProcessID : 2792
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.0 (xpclient.010817-1148)
Description : Microsoft RSVP
Company : Microsoft Corporation
Window Title :
File Size : 132,608
File Created Date : 02/07/1422 12:00:00 م
File Modified Date : 02/07/1422 12:00:00 م
Filename : C:\WINDOWS\system32\rsvp.exe
Base Address : 0x01000000
Created On : 04/05/1429 10:16:34 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1056 K
Mem Usage Peak : 2304 K
Page Faults : 842
Pagefile Usage : 2448 K
Pagefile Peak Usage : 2640 K
File Attributes : A
==================================================

==================================================
Process Name : svchost.exe
ProcessID : 3876
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 17/06/1425 09:56:32 م
File Modified Date : 08/04/1429 04:00:03 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 04/05/1429 11:40:35 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4228 K
Mem Usage Peak : 4284 K
Page Faults : 1165
Pagefile Usage : 2396 K
Pagefile Peak Usage : 2500 K
File Attributes : A
==================================================

==================================================
Process Name : firefox.exe
ProcessID : 3828
Priority : Normal
Product Name : Firefox
Version : 1.8.1.14: 2008040413
Description : Firefox
Company : Mozilla Corporation
Window Title : لعيونك يابوووب 77 ( الاداة SmitfraudFix متوافقه مع برامج الحماية ) - زيزوووم للأمن والحمايه - موزيلا فايرفوكس
File Size : 7,660,656
File Created Date : 14/04/1429 03:29:06 م
File Modified Date : 01/04/1429 07:07:40 ص
Filename : C:\Program Files\Mozilla Firefox\firefox.exe
Base Address : 0x00400000
Created On : 05/05/1429 06:13:10 م
Visible Windows : 1
Hidden Windows : 22
User Name : USER-5D7192678A\user
Mem Usage : 59916 K
Mem Usage Peak : 62112 K
Page Faults : 214158
Pagefile Usage : 47632 K
Pagefile Peak Usage : 49856 K
File Attributes : A
==================================================

==================================================
Process Name : runn.exe
ProcessID : 244
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 71,680
File Created Date : 05/05/1429 03:25:51 م
File Modified Date : 23/01/1429 10:24:25 م
Filename : C:\DOCUME~1\user\LOCALS~1\Temp\bntoz\runn.exe
Base Address : 0x00400000
Created On : 05/05/1429 06:25:51 م
Visible Windows : 0
Hidden Windows : 0
User Name : USER-5D7192678A\user
Mem Usage : 2080 K
Mem Usage Peak : 2084 K
Page Faults : 598
Pagefile Usage : 596 K
Pagefile Peak Usage : 672 K
File Attributes : A
==================================================

==================================================
Process Name : cmd.exe
ProcessID : 3216
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Windows Command Processor
Company : Microsoft Corporation
Window Title :
File Size : 389,120
File Created Date : 17/06/1425 09:56:06 م
File Modified Date : 08/04/1429 03:59:48 م
Filename : C:\WINDOWS\system32\cmd.exe
Base Address : 0x4AD00000
Created On : 05/05/1429 06:25:51 م
Visible Windows : 0
Hidden Windows : 1
User Name : USER-5D7192678A\user
Mem Usage : 2864 K
Mem Usage Peak : 2932 K
Page Faults : 816
Pagefile Usage : 2024 K
Pagefile Peak Usage : 2100 K
File Attributes : A
==================================================

==================================================
Process Name : wmiprvse.exe
ProcessID : 2816
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2108)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 20/03/1429 08:50:15 ص
File Modified Date : 08/04/1429 04:00:06 م
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 05/05/1429 06:25:52 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 5656 K
Mem Usage Peak : 5656 K
Page Faults : 1451
Pagefile Usage : 2892 K
Pagefile Peak Usage : 2892 K
File Attributes : A
==================================================

==================================================
Process Name : CProcess.exe
ProcessID : 2096
Priority : Normal
Product Name : CurrProcess
Version : 1.11
Description : CurrProcess
Company : NirSoft
Window Title :
File Size : 35,840
File Created Date : 05/05/1429 03:25:50 م
File Modified Date : 08/06/1426 04:46:34 ص
Filename : C:\DOCUME~1\user\LOCALS~1\Temp\bntoz\CProcess.exe
Base Address : 0x00400000
Created On : 05/05/1429 06:25:55 م
Visible Windows : 0
Hidden Windows : 0
User Name : USER-5D7192678A\user
Mem Usage : 2128 K
Mem Usage Peak : 2152 K
Page Faults : 789
Pagefile Usage : 844 K
Pagefile Peak Usage : 880 K
File Attributes : A
==================================================

.
.
--------------------------\\\ End Report Of Running Processes ---------------
.
.
.
.
--------------------------\\\ Windows XP Startup List ---------------
.

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
autocheck autochk *
Auto Check Utility
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\autochk.exe

HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
rdpclip
rdpclip
RDP Clip Monitor
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\rdpclip.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
Userinit Logon Application
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\userinit.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Explorer.exe
Explorer.exe
Windows Explorer
Microsoft Corporation
6.00.2900.5512
c:\windows\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TkBellExe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
RealNetworks Scheduler
RealNetworks, Inc.
0.01.0001.0045
c:\program files\common files\real\update_ob\realsched.exe
Adobe Reader Speed Launcher
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Adobe Acrobat SpeedLauncher
Adobe Systems Incorporated
8.00.0000.0000
c:\program files\adobe\reader 8.0\reader\reader_sl.exe
AVP
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
File not found: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
egui
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
Eset GUI
ESET
3.00.0650.0000
c:\program files\eset\eset smart security\egui.exe

C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل
Adobe Gamma Loader.lnk
C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma Loader.lnk
Adobe Gamma Loader
Adobe Systems, Inc.
1.00.0000.0001
c:\program files\common files\adobe\calibration\adobe gamma loader.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
CTF Loader
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\ctfmon.exe
msnmsgr
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Windows Live Messenger
Microsoft Corporation
8.05.1302.1018
c:\program files\windows live\messenger\msnmsgr.exe
IDMan
C:\Program Files\Internet Download Manager\IDMan.exe /onboot
Internet Download Manager (IDM)
Tonec Inc.
5.12.0004.0000
c:\program files\internet download manager\idman.exe
AFProg
C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
c:\program files\hotspot shield\anchorfree\ctrl\afcontroller.exe
.
.
----------- End Report ---------------
 

توقيع : Knight Lord
ترتيب حسب التاريخ ترتيب حسب الأصوات
والله عندك عدد تقارير لم اعرفها بالعربي لاكن تقرير وندز xp وهو اول تقرير

احذف التالي

O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll


O9 - Extra button: ShopperReports - Compare product prices - {C542
8486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll


O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll


O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



O16 - DPF: {8C159DFD-DC9C-4077-B3B6-114A8D64B6D2} (UserAuthenticate Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
 
تأييد 0
ياخوي ورا تقريرك كنه طريق ابو حدريه

:q:


C:\DOCUME~1\user\LOCALS~1\Temp\bntoz\runn.exe
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {8C159DFD-DC9C-4077-B3B6-114A8D64B6D2} (UserAuthenticate Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



امسح القيم هذي وارجفني بتقرير هايجاك جديد

بس هايجاك
 
توقيع : LINEZERO
تأييد 0
ابشر ههههههههههه شكلك من الجنوب شويات وارد لك تقرير
 
توقيع : Knight Lord
تأييد 0
برنامج الهايجاك لو سمحت للحذف لان عندي سيده من عند زيزوم رحم الله والديه يعطيني التقرير ع طول
 
توقيع : Knight Lord
تأييد 0
وذا التقرير

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:06:00 م, on 10/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\سطح المكتب\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [AFProg] C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan ) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
--
End of file - 6733 bytes
 
توقيع : Knight Lord
تأييد 0
C:\DOCUME~1\user\LOCALS~1\Temp\bntoz\runn.exe<<ما لقيته
 
توقيع : Knight Lord
تأييد 0
لم تقم بحذف التالي

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll



wh_61216160.png
 
تأييد 0
هذا البرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



سو فحص جديد

وحدد القيم

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll


ثم امسحها

واذا خلصت اعمل تقرير بالااداة الي حملت تو وارفقه بردك القادم

بالتوفيق

وفي الاخير اش فيهم 07
:cr:​
 
توقيع : LINEZERO
تأييد 0
هع انا منهم طيووب ما قلت شي ونعم فيهم طيب شكلي حذفتها الاولي بس نجرب من جديد
 
توقيع : Knight Lord
تأييد 0
وذا التقرير

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:28:48 م, on 10/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\user\سطح المكتب\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [AFProg] C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan ) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
--
End of file - 6687 bytes
 
توقيع : Knight Lord
تأييد 0
wh_80835080.png



وفي مرحلة لاحقة وبعد تحليل القيم والتوصل الى القيم الضارة
يمكن التخلص منها بوضع علامة صح امامها
ثم منه ثم ضغط Fix checked
A71A4.gif
 
تأييد 0
ragih قال:
wh_80835080.png



وفي مرحلة لاحقة وبعد تحليل القيم والتوصل الى القيم الضارة
يمكن التخلص منها بوضع علامة صح امامها
ثم منه ثم ضغط Fix checked
A71A4.gif
أنقر للتوسيع...

امسح القيمتين بالطريقه هذي

ثم اعمل تقرير جديد
 
توقيع : LINEZERO
تأييد 0
ياخوان وش دراني وش البرامج الضاره الحين بعدين القيم حذفتها من الطريقه الثانيه فوكس اصلاح
 
توقيع : Knight Lord
تأييد 0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:11:56 م, on 10/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\user\سطح المكتب\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [AFProg] C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan ) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
--
End of file - 6740 bytes
 
توقيع : Knight Lord
تأييد 0
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

ادري قصدكم ذي حذفته مليون مره بس وش الحل البرامج الضاره مادري والله وشو الضار وشو النافع
 
توقيع : Knight Lord
تأييد 0
اخي عندك برنامج ShopperReports حاول تزيله من لوحة التحكم إضافه ويزاله وتعمل تقرير
 
تأييد 0
حذفناه وذا تقرير
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:55 م, on 10/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\سطح المكتب\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [AFProg] C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan ) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe

--
End of file - 6366 bytes
 
توقيع : Knight Lord
تأييد 0
التقرير سليم الان
 
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى