مرحبا
هذا يا أختي التقرير الأول الكمبوووو
ComboFix 08-11-01.04 - anw 11/02/2008 7:53:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.1513 [GMT 3:00]
Running from: C:\Documents and Settings\anw\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\msssc.dll
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-10-02 to 2008-11-02 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-02 04:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-02 04:45 --------- d-----w C:\Documents and Settings\anw\Application Data\DMCache
2008-11-01 18:58 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SACore
2008-11-01 17:25 --------- d-----w C:\Documents and Settings\anw\Application Data\IDM
2008-11-01 16:00 --------- d-----w C:\Documents and Settings\anw\Application Data\MiniDm
2008-11-01 15:27 --------- d-----w C:\Program Files\MuvEnum
2008-11-01 15:21 --------- d-----w C:\Program Files\IEPro
2008-11-01 15:21 --------- d-----w C:\Documents and Settings\anw\Application Data\IEPro
2008-11-01 14:18 --------- d-----w C:\Documents and Settings\anw\Application Data\OfficeUpdate12
2008-11-01 14:09 --------- d-----w C:\Program Files\ACW
2008-11-01 13:34 --------- d-----w C:\Program Files\Easy Screen Capture 2
2008-11-01 13:34 --------- d-----w C:\Documents and Settings\anw\Application Data\Longfine Software
2008-11-01 13:33 --------- d-----w C:\Program Files\Total Video Converter
2008-11-01 12:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-11-01 12:05 --------- d-----w C:\Documents and Settings\anw\Application Data\passport_photo
2008-11-01 12:05 --------- d-----w C:\Documents and Settings\anw\Application Data\InstallShield
2008-11-01 12:04 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-11-01 12:04 --------- d-----w C:\Program Files\CCleaner
2008-11-01 12:04 --------- d-----w C:\Program Files\bfgclient
2008-11-01 12:04 --------- d-----w C:\Documents and Settings\anw\Application Data\ATI MMC
2008-11-01 12:04 --------- d-----w C:\Documents and Settings\anw\Application Data\ATI
2008-11-01 12:03 --------- d-----w C:\Program Files\Error Repair Professional
2008-11-01 12:02 --------- d-----w C:\Program Files\SweetIM
2008-11-01 12:02 --------- d-----w C:\Program Files\PicaLoader
2008-11-01 12:02 --------- d-----w C:\Program Files\Pet Show Craze
2008-11-01 12:02 --------- d-----w C:\Program Files\Megaplex Madness - Now Playing
2008-11-01 12:02 --------- d-----w C:\Program Files\History Sweeper
2008-11-01 12:02 --------- d-----w C:\Program Files\GetSmile
2008-11-01 12:02 --------- d-----w C:\Documents and Settings\anw\Application Data\PetShowCraze
2008-11-01 12:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-11-01 12:01 --------- d-----w C:\Program Files\8-6_xp32_dd_ccc_wdm_enu_64783
2008-11-01 12:00 --------- d-----w C:\Program Files\MagicWhiteboard
2008-10-31 23:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI MMC
2008-10-31 20:32 --------- d-----w C:\Program Files\ATI Technologies
2008-10-31 16:44 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-10-31 16:44 172,032 ------w C:\WINDOWS\Setup1.exe
2008-10-31 12:24 --------- d-----w C:\Documents and Settings\anw\Application Data\Sofrayt
2008-10-31 12:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\SweetIM
2008-10-31 08:46 --------- d-----w C:\Documents and Settings\anw\Application Data\U3
2008-10-31 03:10 --------- d-----w C:\Program Files\Registry Shower 2007
2008-10-30 15:48 203,776 ----a-w C:\WINDOWS\system32\clrviddc.dll
2008-10-30 12:51 --------- d-----w C:\Program Files\McAfee
2008-10-29 22:59 --------- d-----w C:\Program Files\Ashampoo
2008-10-29 22:38 --------- d-----w C:\Documents and Settings\anw\Application Data\Media Player Classic
2008-10-29 20:34 --------- d-----w C:\Program Files\Microsoft Works
2008-10-29 20:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-10-29 19:51 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-10-29 19:51 --------- d-----w C:\Program Files\Common Files\L&H
2008-10-29 19:49 --------- d-----w C:\Program Files\Microsoft.NET
2008-10-29 19:30 --------- d-----w C:\Program Files\msaccrt
2008-10-29 18:06 --------- d-----w C:\Program Files\Google
2008-10-29 17:00 --------- d-----w C:\Documents and Settings\anw\Application Data\Grisoft
2008-10-29 16:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-10-29 16:50 --------- d-----w C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility
2008-10-29 16:47 21,035 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-10-29 16:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-10-29 16:44 --------- d-----w C:\Program Files\SiteAdvisor
2008-10-29 16:43 --------- d-----w C:\Program Files\Common Files\McAfee
2008-10-29 16:42 --------- d-----w C:\Program Files\McAfee.com
2008-10-29 16:19 --------- d-----w C:\Program Files\Photo-Brush
2008-10-29 16:10 --------- d-----w C:\Program Files\PC Washer
2008-10-29 15:35 --------- d-----w C:\Program Files\Boilsoft Video Joiner
2008-10-29 15:29 --------- d-----w C:\Documents and Settings\anw\Application Data\Ahead
2008-10-29 15:27 --------- d-----w C:\Program Files\Nero
2008-10-29 15:27 --------- d-----w C:\Program Files\Common Files\Ahead
2008-10-29 15:16 --------- d-----w C:\Program Files\FILE RECOVERY for Windows
2008-10-29 14:43 --------- d-----w C:\Program Files\WinAVI Video Converter 9.0
2008-10-29 14:29 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-10-29 14:29 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-10-29 14:29 --------- d-----w C:\Program Files\Real
2008-10-29 14:29 --------- d-----w C:\Program Files\Common Files\xing shared
2008-10-29 14:29 --------- d-----w C:\Program Files\Common Files\Real
2008-10-29 14:11 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-29 14:11 --------- d-----w C:\Documents and Settings\anw\Application Data\Malwarebytes
2008-10-29 14:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-29 13:49 --------- d-----w C:\Program Files\TechSmith
2008-10-29 13:49 --------- d-----w C:\Program Files\Common Files\TechSmith Shared
2008-10-29 13:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-10-29 13:21 --------- d-----w C:\Program Files\Say the Time
2008-10-29 13:08 --------- d-----w C:\Program Files\No1 DVD Ripper
2008-10-29 13:04 --------- d-----w C:\Program Files\Yahoo!
2008-10-29 13:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-10-29 13:00 --------- d-----w C:\Program Files\Internet Download Manager
2008-10-29 12:58 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-10-29 12:58 --------- d-----w C:\Documents and Settings\anw\Application Data\ACD Systems
2008-10-29 12:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-10-29 12:57 --------- d-----w C:\Program Files\ACD Systems
2008-10-29 12:38 --------- d-----w C:\Program Files\OJOsoft
2008-10-29 12:38 --------- d-----w C:\Program Files\Common Files\Common Share
2008-10-29 12:36 --------- d-----w C:\Documents and Settings\anw\Application Data\Thinstall
2008-10-29 12:32 --------- d-----w C:\Program Files\RM to MP3 Converter
2008-10-29 12:31 81,920 ----a-w C:\Documents and Settings\anw\Application Data\ezpinst.exe
2008-10-29 12:31 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-10-29 12:31 47,360 ----a-w C:\Documents and Settings\anw\Application Data\pcouffin.sys
2008-10-29 12:31 --------- d-----w C:\Program Files\Media Convert Master
2008-10-29 12:31 --------- d-----w C:\Documents and Settings\anw\Application Data\Vso
2008-10-29 12:25 --------- d-----w C:\Program Files\CreativePainter
2008-10-29 12:22 --------- d-----w C:\Documents and Settings\anw\Application Data\Photodex
2008-10-29 12:09 --------- d-----w C:\Program Files\Broadcom
2008-10-29 11:55 --------- d-----w C:\Program Files\Analog Devices
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\launchpd.exe" [11/04/2004 04:46 PM 106573]
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [11/04/2004 04:43 PM 69707]
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [08/26/2004 10:21 PM 200704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 11:00 AM 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [11/03/2004 07:40 PM 344064]
"CTRegRun"="C:\WINDOWS\CTRegRun.EXE" [10/10/1999 08:00 PM 41984]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [04/14/2008 11:00 AM 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/14/2008 11:00 AM 59392]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 01:08 AM 34672]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [07/30/2003 07:38 AM 143360]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [07/11/2008 05:18 PM 641208]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [06/13/2008 02:59 AM 1176808]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [04/14/2008 11:00 AM 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [04/14/2008 11:00 AM 455168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
REALTEK RTL8187 Wireless LAN Utility.lnk - C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe [2008-10-29 737280]
Say the Time.lnk - C:\Program Files\Say the Time\SayTime.exe [2007-05-18 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YU12"= ATIYUV12.DLL
"VIDC.ACDV"= ACDV.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^naviscope.lnk]
backup=C:\WINDOWS\pss\naviscope.lnkStartup
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\naviscope.lnk
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 11/03/2007 03:20 AM 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweeper.exe]
--a------ 08/26/2008 02:42 AM 176128 C:\Program Files\History Sweeper\sweeper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 03/27/2008 07:31 PM 111928 C:\Program Files\SweetIM\Messenger\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 10/29/2008 05:29 PM 185872 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Documents and Settings\\anw\\Desktop\\skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [10/08/2008 12:04 PM 203280]
R3 dalwdmservice;dal service;C:\WINDOWS\system32\drivers\dalwdm.sys [03/31/2004 09:00 AM 73216]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [09/26/2006 09:51 PM 21920]
R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [10/02/2002 08:27 AM 13532]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [01/11/2007 01:20 PM 194304]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [03/14/2006 04:22 AM 349184]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3426dc8-a599-11dd-811d-00c0ca1baab5}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
*Newly Created Service* - PROCEXP90
*Newly Created Service* - SJYPKT
.
s of the 'Scheduled Tasks' folder
2008-10-29 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [07/09/2008 06:10 PM]
2008-10-31 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [07/09/2008 06:10 PM]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-Say the Time - (no file)
MSConfigStartUp-bfjvin - c:\documents and settings\anw\local settings\application data\bfjvin.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://search.ie7pro.com/
O8 -: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 -: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 -: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - C:\Program Files\IEPro\iepro.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-11-02 07:56:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 11/02/2008 7:57:02
ComboFix-quarantined-files.txt 2008-11-02 04:56:59
Pre-Run: 58,702,774,272 bytes free
Post-Run: 58,691,993,600 bytes free
228 --- E O F --- 2008-11-01 15:32:15
وهذا التقرير لأداة الهايجاك
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:58:36 ص, on 02/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe
C:\Program Files\Say the Time\SayTimeMain.exe
C:\Program Files\Say the Time\SayTimeMain.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Say the Time\sttnotes.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\anw\Desktop\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - :C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (file missing)
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: LastClosedTab - {e15e75e9-a653-42a3-8d05-f2f7e309bdca} - mscoree.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: REALTEK RTL8187 Wireless LAN Utility.lnk = C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe
O4 - Global Startup: Say the Time.lnk = C:\Program Files\Say the Time\SayTime.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Open Last Closed Tab - {e15e75e9-a653-42a3-8d05-f2f7e309bdca} - mscoree.dll (file missing)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
--
End of file - 8418 bytes
في إنتظار الرد يا خلود الغالية ومشكورة
