الايفرا يرفض يشتغل

ا

ابومحمد555

زيزوومي جديد
إنضم
28 أكتوبر 2007
المشاركات
70
مستوى التفاعل
1
النقاط
80
غير متصل
السلام عليكم
احاول تركيب الايفرا على جهازي مايفتح تظهر الساعة الرملية لمدة ثواني وتختفي ولايحدث تنصيب حملته من جديد ولكن نفس المشكلة .
 

ترتيب حسب التاريخ ترتيب حسب الأصوات

اعمل تقرير للهايجاك
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير اعمل تحديد الكل ==> انسخه والصقه بردك القادم
 
التعديل الأخير بواسطة المشرف:
توقيع : السّاجد لله
تأييد 0
مشكور اخي وهذا التقرير
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:26 م, on 26/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\ONSPEED\onspeedcore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\IDA\ida.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ONSPEED\onspeedgui.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\_PA502\prem_sec_winnt_en_hp.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Downloads\Programs\antivir_workstation_winu_en_hp.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\DOCUME~1\Admin\LOCALS~1\Temp\_PA141\prem_sec_winnt_en_hp.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Downloads\Programs\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Documents and Settings\Admin\Local Settings\Temp\_PA361\IDMIECC.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll
O2 - BHO: Prefetch - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files\ONSPEED\Prefetch.dll
O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\Toolband.dll
O3 - Toolbar: IDA Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\IDA\idabar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\ONSPEED\onspeedcore.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Admin\Local Settings\Temp\_PA361\IDMan.exe /onboot
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: ONSPEED.lnk = C:\Program Files\ONSPEED\onspeedgui.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Documents and Settings\Admin\Local Settings\Temp\_PA361\IEGetAll.htm
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Documents and Settings\Admin\Local Settings\Temp\_PA361\IEGetVL.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Admin\Local Settings\Temp\_PA361\IEExt.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
--
End of file - 8886 bytes
 
تأييد 0
عزيزي انته منصب الكاسبر 2009 ويش تسوي بالافيرا ؟؟؟
 
توقيع : السّاجد لله
تأييد 0
اخي حسام حملت الكسبر وركبته على الجهاز ولكن لايعمل
 
تأييد 0
حدد القيم التالية واحذفها

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Documents and Settings\Admin\Local Settings\Temp\_PA361\IDMIECC.dll (file missing)


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


O3 - Toolbar: IDA Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\IDA\idabar.dll


O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)




طريقة الحذف

zyzoom-47abf39087.gif



zyzoom-dc3770ae68.gif



نزل هالاداة لتنظيف الجهاز


يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



zyzoom-3c0e283670.gif

 
توقيع : السّاجد لله
تأييد 0
طيب افتح الكاسبر وخذله صورة وارفعها في مشاركتك القادمة
 
توقيع : السّاجد لله
تأييد 0
بعد اذنكم
نزل الاداة هذي
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغلها RegCleaner.exe
بعدين اضغط على Conigoration
بالمربع الصغير حدد على جميع المربعات
بعدين OK
اضغط على Scan for keys
وبعد ما ينتهي حط علامة صح على select all
بعدين Delete
جرب بعدها تثبت الافيرا
وان شاء الله يضبط
ويستحسن تحميله عن طريق الرابط
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
 
توقيع : Juve GuardJuve Guard is verified member.
تأييد 0
طبقنا الخطوات وحذفت الكسبر وحاولت احمل الايفرا ولكن نفس المشكلة تظهر الساعة الرملية لثواني ثم تختفي ولايحدث تنصيب للبرنامج
 
تأييد 0
طبقت الي وصيتك عليه ؟
 
توقيع : Juve GuardJuve Guard is verified member.
تأييد 0
اخوي جربت تحذف القيم
 
توقيع : السّاجد لله
تأييد 0
اخي juveguard
مشكور واعذرني ماانتبهت لردك وجاري التجربه
 
تأييد 0
نعم اخي حسام حذفت القيم ولم يتغير شئ
 
تأييد 0
اعمل التالي

عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم


اعمل تقرير للهايجاك
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير اعمل تحديد الكل ==> انسخه والصقه بردك القادم
 
التعديل الأخير بواسطة المشرف:
توقيع : السّاجد لله
تأييد 0
اخي juveguard
رفضت الاداة تعمل وتظهر ايقونة خطأ في النظام
 
تأييد 0
اخي حسام هذا التقرير ظهر بعد الفحصComboFix 08-10-25.01 - Admin 10/27/2008 0:38:25.2 - NTFSx86Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.1520 [GMT 3:00]Running from: C:\Downloads\Video\ComboFix.exeWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.((((((((((((((((((((((((( Files Created from 2008-09-26 to 2008-10-26 ))))))))))))))))))))))))))))))).No new files created in this timespan.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-10-26 20:59 --------- d-----w C:\Program Files\TheWorld 2.02008-10-26 20:50 --------- d-----w C:\Program Files\PowerArchiver2008-10-26 19:49 --------- d-----w C:\Program Files\Kaspersky Lab2008-10-26 19:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files2008-10-26 18:42 --------- d-----w C:\Documents and Settings\Admin\Application Data\SlipStream2008-10-25 21:27 --------- d-----w C:\Program Files\IDA2008-10-25 21:25 --------- d-----w C:\Documents and Settings\Admin\Application Data\Internet Download Accelerator2008-10-25 20:12 --------- d-----w C:\Program Files\Paltalk Messenger2008-10-25 20:11 --------- d-----w C:\Program Files\GRETECH2008-10-25 20:10 --------- d-----w C:\Program Files\Bonjour2008-10-25 11:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink2008-10-25 06:17 --------- d-----w C:\Documents and Settings\Admin\Application Data\DMCache2008-10-24 19:30 --------- d-----w C:\Program Files\Common Files\Adobe2008-10-24 19:27 --------- d-----w C:\Program Files\Docudesk2008-10-24 17:13 --------- d-----w C:\Documents and Settings\Admin\Application Data\IDM2008-10-24 07:08 --------- d-----w C:\Program Files\ONSPEED2008-10-23 22:02 --------- d-----w C:\Program Files\USB Disk Security2008-10-23 21:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier2008-10-23 19:38 --------- d-----w C:\Documents and Settings\Admin\Application Data\Avant Profiles2008-10-23 19:37 --------- d-----w C:\Program Files\Avant Browser2008-10-23 19:35 --------- d-----w C:\Documents and Settings\Admin\Application Data\Apple Computer2008-10-23 19:34 --------- d-----w C:\Program Files\Safari2008-10-23 19:33 --------- d-----w C:\Program Files\Apple Software Update2008-10-23 19:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple2008-10-23 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\ConeXware2008-10-23 07:57 --------- d--h--w C:\Program Files\Zenographics2008-10-23 07:57 --------- d-----w C:\Program Files\Hewlett-Packard2008-10-23 07:55 --------- d-----w C:\Program Files\Microsoft.NET2008-10-23 07:50 --------- d-----w C:\Program Files\Sigmatel2008-10-23 07:47 --------- d-----w C:\Program Files\CONEXANT2008-10-23 07:33 --------- d-----w C:\Program Files\WIDCOMM2008-10-23 07:31 --------- d-----w C:\Program Files\Common Files\xing shared2008-10-23 07:31 --------- d-----w C:\Program Files\Common Files\Real2008-10-23 07:30 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll2008-10-23 07:30 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll2008-10-23 07:30 --------- d-----w C:\Program Files\Real2008-10-23 07:30 --------- d-----w C:\Program Files\K-Lite Codec Pack2008-10-23 07:29 47,104 ------w C:\WINDOWS\AKDeInstall.exe2008-10-23 07:29 --------- d-----w C:\Program Files\VideoLAN2008-10-23 07:29 --------- d-----w C:\Program Files\The KMPlayer2008-10-23 07:29 --------- d-----w C:\Program Files\mpegable2008-10-23 07:28 --------- d--h--w C:\Program Files\InstallShield Installation Information2008-10-23 07:28 --------- d-----w C:\Program Files\CyberLink2008-10-23 07:28 --------- d-----w C:\Program Files\Common Files\InstallShield2008-10-23 07:27 155,995 ----a-w C:\WINDOWS\java\Packages\AG5VF9VT.ZIP2008-10-23 07:27 --------- d-----w C:\Program Files\MSN Messenger2008-10-23 07:26 90,112 ----a-w C:\WINDOWS\system32\agsaami.dll2008-10-23 07:26 610,304 ----a-w C:\WINDOWS\system32\agsaamg.dll2008-10-23 07:26 372,736 ----a-w C:\WINDOWS\system32\agsaamc.dll2008-10-23 07:26 2,535,424 ----a-w C:\WINDOWS\system32\agsaamj.dll2008-10-23 07:26 196,608 ----a-w C:\WINDOWS\system32\maag.dll2008-10-23 07:26 1,986,560 ----a-w C:\WINDOWS\system32\akll.dll2008-10-23 07:26 1,245,184 ----a-w C:\WINDOWS\system32\bkll.dll2008-10-23 07:26 1,212,416 ----a-w C:\WINDOWS\system32\ckll.dll2008-10-23 07:26 --------- d-----w C:\Program Files\Real_SC2008-10-23 07:26 --------- d-----w C:\Program Files\Nero2008-10-23 07:26 --------- d-----w C:\Program Files\Common Files\Ahead2008-10-23 07:18 --------- d-----w C:\Program Files\microsoft frontpage2008-09-15 15:37 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys2008-09-12 10:44 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys2008-08-20 05:36 657,920 ----a-w C:\WINDOWS\system32\wininet.dll2008-08-14 13:42 2,137,600 ----a-w C:\WINDOWS\system32\ntoskrnl.exe2008-08-14 13:42 2,017,280 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [01/19/2007 12:55 PM 5674352]"PowerArchiver Tray"="C:\Program Files\PowerArchiver\PASTARTER.EXE" [11/30/2007 06:08 PM 140328]"Internet Download Accelerator"="C:\Program Files\IDA\ida.exe" [02/14/2008 06:08 PM 2179072][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM 155648]"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM 32768]"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/23/2008 10:30 AM 185896]"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [11/15/2007 02:33 PM 141848]"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [11/15/2007 02:32 PM 166424]"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [11/15/2007 02:33 PM 137752]"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/10/2007 10:22 AM 405504]"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [01/30/2006 07:00 PM 98304]"SlipStream"="C:\Program Files\ONSPEED\onspeedcore.exe" [10/19/2007 05:50 AM 344064][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]C:\Documents and Settings\All Users\çں‍ê، ں§ڑ\ںé©ںê¤\§ک ں颬نïé\Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653]ONSPEED.lnk - C:\Program Files\ONSPEED\onspeedgui.exe [2008-10-24 229376][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"VIDC.3iv2"= C:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL"VIDC.VP60"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll"VIDC.VP61"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll"VIDC.VP62"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll"VIDC.VP70"= C:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll"VIDC.VP31"= C:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll"VIDC.FFDS"= C:\PROGRA~1\K-LITE~1\ffdshow\ff_vfw.dll"msacm.ac3acm"= C:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm"msacm.l3fhg"= C:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusDisableNotify"=dword:00000001"UpdatesDisableNotify"=dword:00000001"AntiVirusOverride"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Avant Browser\\avant.exe"=R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;C:\WINDOWS\system32\drivers\IntcHdmi.sys [05/04/2007 11:00 PM 105984]*Newly Created Service* - CATCHME*Newly Created Service* - PROCEXP90.s of the 'Scheduled Tasks' folder2008-10-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [04/11/2008 05:57 PM]..------- Supplementary Scan -------.R0 -: HKCU-Main,Start Page = hxxp://www.222z.net/newspaper.htmR1 -: HKCU-Internet Settings,ProxyOverride = *.localO8 -: &تصدير إلى Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 -: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htmO8 -: Download all links with IDM - C:\Documents and Settings\Admin\Local Settings\Temp\_PA361\IEGetAll.htmO8 -: Download ALL with IDA - C:\Program Files\IDA\idaieall.htmO8 -: Download FLV video with IDM - C:\Documents and Settings\Admin\Local Settings\Temp\_PA361\IEGetVL.htmO8 -: Download with IDA - C:\Program Files\IDA\idaie.htmO8 -: Download with IDM - C:\Documents and Settings\Admin\Local Settings\Temp\_PA361\IEExt.htmO8 -: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmO16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cabC:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd.**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
scan 2008-10-27 00:39:20Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.Completion time: 10/27/2008 0:39:46ComboFix-quarantined-files.txt 2008-10-26 21:39:44ComboFix2.txt 2008-10-26 21:36:22Pre-Run: 32,077,946,880 bytes freePost-Run: 32,067,055,616 bytes free161 --- E
O F --- 2008-10-26 10:16:18

وهذا عن طريق Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:46:51 ص, on 27/10/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exeC:\WINDOWS\system32\igfxsrvc.exeC:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exeC:\Program Files\ONSPEED\onspeedcore.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\PowerArchiver\PASTARTER.EXEC:\Program Files\IDA\ida.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Program Files\ONSPEED\onspeedgui.exeC:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXEC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\WINDOWS\system32\STacSV.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\drwtsn32.exeC:\WINDOWS\system32\drwtsn32.exeC:\DOCUME~1\Admin\LOCALS~1\Temp\_PA502\prem_sec_winnt_en_hp.exeC:\WINDOWS\system32\drwtsn32.exeC:\Downloads\Programs\antivir_workstation_winu_en_hp.exeC:\WINDOWS\system32\drwtsn32.exeC:\WINDOWS\system32\WISPTIS.EXEC:\DOCUME~1\Admin\LOCALS~1\Temp\_PA141\prem_sec_winnt_en_hp.exeC:\WINDOWS\system32\drwtsn32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exeC:\WINDOWS\system32\drwtsn32.exeC:\Downloads\Programs\antivir_workstation_winu_en_hp.exeC:\WINDOWS\system32\drwtsn32.exeC:\Downloads\Programs\antivir_workstation_winu_en_hp.exeC:\WINDOWS\system32\drwtsn32.exeC:\Program Files\Avant Browser\avant.exeC:\WINDOWS\system32\notepad.exeC:\WINDOWS\explorer.exeC:\Downloads\Programs\Zyzoom_HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
- HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
- HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
- HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dllO2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dllO2 - BHO: Prefetch - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files\ONSPEED\Prefetch.dllO3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\Toolband.dllO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exeO4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exeO4 - HKLM\..\Run: [SlipStream] "C:\Program Files\ONSPEED\onspeedcore.exe"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXEO4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorunO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Global Startup: Bluetooth.lnk = ?O4 - Global Startup: ONSPEED.lnk = C:\Program Files\ONSPEED\onspeedgui.exeO4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exeO8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htmO8 - Extra context menu item: Download all links with IDM - C:\Documents and Settings\Admin\Local Settings\Temp\_PA361\IEGetAll.htmO8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htmO8 - Extra context menu item: Download FLV video with IDM - C:\Documents and Settings\Admin\Local Settings\Temp\_PA361\IEGetVL.htmO8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htmO8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Admin\Local Settings\Temp\_PA361\IEExt.htmO8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmO9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dllO9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exeO9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exeO9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmO9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
- DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
- Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeO23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe--End of file - 7969 bytes
 
تأييد 0
وسط الكتابه واعد لصق تقرير الهايجاك
 
توقيع : السّاجد لله
تأييد 0
الظاهر جهازك مليان بلاوي
تابع مع اخوي هشام
 
توقيع : Juve GuardJuve Guard is verified member.
تأييد 0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:57 م, on 27/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ONSPEED\onspeedcore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\IDA\ida.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ONSPEED\onspeedgui.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Downloads\Programs\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5405
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll
O2 - BHO: Prefetch - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files\ONSPEED\Prefetch.dll
O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\Toolband.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\ONSPEED\onspeedcore.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: ONSPEED.lnk = C:\Program Files\ONSPEED\onspeedgui.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Documents and Settings\Admin\Local Settings\Temp\_PA361\IEGetAll.htm
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Documents and Settings\Admin\Local Settings\Temp\_PA361\IEGetVL.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Admin\Local Settings\Temp\_PA361\IEExt.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\ONSPEED\gui_resource.dll/327
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\ONSPEED\gui_resource.dll/328
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
--
End of file - 7372 bytes
 
تأييد 0
تقريرك سليم
عدى قيمه وحده
وهي خاصه بالتولبار الي يتبع برنامج Onspeed
اذا تبي تحذفها هذي هي

O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\Toolband.dll


سؤال
انت نزلت نسخة جديده غير الي عندك عن طريق الرابط الي عطيتك ؟
 
توقيع : Juve GuardJuve Guard is verified member.
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى