  #1  
Posted 04-30-2019, 12:51 PM
Diamond member
User: محروم.كوم

Logfile of HiJackThis Fork (Beta) by Alex Dragokas v.2.8.0.4

Platform: x64 Windows 10 (Home), 10.0.17763.437 (ReleaseId: 1809), Service Pack: 0
Time: 30.04.2019 - 11:36 (UTC+00:00)
Language: OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
Elevated: Yes
Ran by: aba (group: Administrator) on ABA-PC, FirstRun: yes

Chrome: 74.0.3729.108
Edge: 11.0.17763.437
Internet Explorer: 11.0.17763.1
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
1 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
1 C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
1 C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
1 C:\Program Files\Process Lasso\ProcessGovernor.exe
1 C:\Program Files\Process Lasso\ProcessLasso.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\NisSrv.exe
1 C:\Users\aba.ABA-PC\Desktop\HijackThisPortable\App\HijackThis\HijackThis.exe
1 C:\Users\aba.ABA-PC\Desktop\HijackThisPortable\App\HijackThis\MemCompression
1 C:\Users\aba.ABA-PC\Desktop\HijackThisPortable\App\HijackThis\Registry
1 C:\Users\aba.ABA-PC\Desktop\HijackThisPortable\HijackThisPortable.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\ICEsoundService64.exe
3 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SgrmBroker.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\drivers\AdminService.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
23 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://go.microsoft.com/fwlink/p/?L...RES000&pc=UE00
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [SuggestionsURL] = https://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&pc=UE00 - Bing
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [URL] = https://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00 - Bing
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{10059D17-8BC4-4ED8-A4AB-C3292EA81741} [SuggestionsURL] = https://www.google.com/complete/search?q={searchTerms}&client=ie8&mw={ie:maxWidth}&sh={ie:sectionHeight}&rh={ie:rowHeight}&inputencoding={inputEncoding}&outputencoding={outputEncoding} - Google
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{10059D17-8BC4-4ED8-A4AB-C3292EA81741} [URL] = https://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} - Google
O2-32 - HKLM\..\BHO: IE 4.x-6.x BHO for Download Master - {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - (no file)
O2-32 - HKLM\..\BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - (no file)
O2-32 - HKLM\..\BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - (no file)
O4 - HKCU\..\RunOnce: [Application Restart #0] = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session
O4 - HKCU\..\RunOnce: [Application Restart #1] = C:\Windows\regedit.exe
O4 - HKLM\..\Run: [snp2uvc] = C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\StartupApproved\Run: [ETDCtrl] (2018/08/12) = C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\StartupApproved\Run: [HotKeysCmds] (1601/01/01) = C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\StartupApproved\Run: [IgfxTray] (1601/01/01) = C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\StartupApproved\Run: [Persistence] (1601/01/01) = C:\WINDOWS\system32\igfxpers.exe
O4-32 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] = C:\WINDOWS\is-PK0N1.exe /REG /REGSVRMODE
O9-32 - Button: HKLM\..\{2670000A-7350-4f3c-8081-5663EE0C6C49} - Send to OneNote - (no file)
O9-32 - Button: HKLM\..\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - Lync Click to Call - (no file)

O9-32 - Button: HKLM\..\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - OneNote Lin&ked Notes - (no file)
O9-32 - Tools menu item: HKLM\..\{2670000A-7350-4f3c-8081-5663EE0C6C49} - Se&nd to OneNote - (no file)
O9-32 - Tools menu item: HKLM\..\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - Lync Click to Call - (no file)
O9-32 - Tools menu item: HKLM\..\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - OneNote Lin&ked Notes - (no file)
O17 - DHCP DNS 1: 192.168.1.1
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - (no file)
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers: OneDrive7 - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) - {8BA85C75-763B-4103-94EB-9470F12FE0F7} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers: 00asw - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers: OneDrive7 - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers: ErrorOverlayHandler Class - {BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers: Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) - {8BA85C75-763B-4103-94EB-9470F12FE0F7} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers: Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers: Microsoft SkyDrive Pro Icon Overlay 3 (InSync) - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers: ReadOnlyOverlayHandler Class - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers: SharedOverlayHandler Class - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers: SharedSyncingOverlayHandler Class - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers: SyncingOverlayHandler Class - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers: UpToDateOverlayHandler Class - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
O22 - Task (Job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe /NOUACCHECK
O22 - Task: (disabled) ATK Package A22126881260 - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe
O22 - Task: (disabled) \Microsoft\Windows\InstallService\WakeUpAndContinueUpdates - {0DC331EE-8438-49D5-A721-E10B937CE459} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\InstallService\WakeUpAndScanForUpdates - {D5A04D91-6FE6-4FE4-A98A-FEB4500C5AF7} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask - {D2CBF5F7-5702-440B-8D8F-8203034A6B82},$(Arg0) - (no file)
O22 - Task: (disabled) \Microsoft\Windows\WindowsBackup\AutomaticBackup - C:\WINDOWS\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
O22 - Task: (disabled) \Microsoft\Windows\WindowsBackup\Windows Backup Monitor - C:\WINDOWS\system32\sdclt.exe /CHECKSKIPPED (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Workplace Join\Automatic-Device-Join - C:\WINDOWS\System32\dsregcmd.exe $(Arg0) $(Arg1) $(Arg2) (Microsoft)
O22 - Task: (disabled) \S-1-5-21-3737862441-1481991674-1132675414-1006\DataSenseLiveTileTask - C:\WINDOWS\System32\DataUsageLiveTileTask.exe
O22 - Task: ATK Package 36D18D69AFC3 - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe -CancelShutdown
O22 - Task: OneDrive Standalone Update Task-S-1-5-21-3737862441-1481991674-1132675414-500 - C:\Users\aba.ABA-PC\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
O22 - Task: Process Lasso Core Engine Only - C:\Program Files\Process Lasso\processgovernor.exe
O22 - Task: Process Lasso Management Console (GUI) - C:\Program Files\Process Lasso\processlasso.exe
O22 - Task: RTKCPL - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /runcplsilence
O22 - Task: RtHDVBg_ListenToDevice - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /AECBYLISTENTOSTATUS
O22 - Task: \Microsoft\Windows\BitLocker\BitLocker Encrypt All Drives - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},BitLockerEncryptAllDrives - C:\WINDOWS\System32\edptask.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -SettingChange - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -SettingChange - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceProtectionStateChanged - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -ProtectionStateChanged -FreeNetworkOnly - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DirectX\DXGIAdapterCache - C:\WINDOWS\system32\dxgiadaptercache.exe (Microsoft)
O22 - Task: \Microsoft\Windows\Flighting\OneSettings\*******Cache - {E07647F7-AED2-48D9-9720-939BC24A8A3C} - C:\Windows\System32\wosc.dll (Microsoft)
O22 - Task: \Microsoft\Windows\HelloFace\FODCleanupTask - C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe (Microsoft)
O22 - Task: \Microsoft\Windows\InstallService\ScanForUpdates - {A558C6A5-B42B-4C98-B610-BF9559143139} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: \Microsoft\Windows\InstallService\ScanForUpdatesAsUser - {DDAFAEA2-8842-4E96-BADE-D44A8D676FDB} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: \Microsoft\Windows\InstallService\SmartRetry - {F3A219C3-2698-4CBF-9C07-037EDB8E72E6} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: \Microsoft\Windows\LanguageComponentsInstaller\ReconcileLanguageResources - {D0582E3B-3126-4CAA-9155-AC37C912A489} - C:\WINDOWS\System32\LanguageOverlayServer.dll (Microsoft)
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ClientTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ServerTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
O22 - Task: \Microsoft\Windows\Speech\HeadsetButtonPress - C:\WINDOWS\system32\speech_onecore\common\SpeechRuntime.exe StartedFromTask (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\Backup Scan - C:\WINDOWS\system32\usoclient.exe StartScan (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\Schedule Scan Static Task - C:\WINDOWS\system32\usoclient.exe StartScan (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\WINDOWS\system32\MusNotification.exe (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\UpdateModelTask - C:\WINDOWS\system32\usoclient.exe StartModelUpdates (Microsoft)
O22 - Task: \Microsoft\Windows\WaaSMedic\PerformRemediation - {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32},None - C:\WINDOWS\System32\WaaSMedicSvc.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Cleanup - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe -IdleTask -TaskName WdCleanup
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Verification - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe -IdleTask -TaskName WdVerification
O22 - Task: \Microsoft\Windows\WlanSvc\CDSSync - {B0D2B535-12E1-439F-86B3-BADA289510F0},$(Arg0) - C:\Windows\System32\WiFiCloudStore.dll (Microsoft)
O23 - Service R2: ASLDR Service - (ASLDRService) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
O23 - Service R2: AtherosSvc - C:\WINDOWS\System32\drivers\AdminService.exe
O23 - Service R2: ICEsound Service - (ICEsoundService) - C:\WINDOWS\system32\ICEsoundService64.exe
O23 - Service R2: Windows Defender Antivirus Service - (WinDefend) - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe
O23 - Service R3: Windows Defender Antivirus Network Inspection Service - (WdNisSvc) - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe

O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.108\elevation_service.exe
O23 - Service S3: Google Update Service (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Google Update Service (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe

