بيرفكت

This is my computer's report
.
--------------------------\\\ Start Report Of HijackThis ---------------
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:32:13 م, on 02/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Sakhr\SMS\Spg6 Client\Spg_5s.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bntoz\runn.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ntvdm.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bntoz\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link: you must log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link: you must log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link: you must log in or register to view it]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link: you must log in or register to view it]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) - [hidden link: you must log in or register to view it]
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3688A0D-AC67-4991-A9B0-149A27C8A2BC}: NameServer = 212.72.1.186 212.72.23.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)
--
End of file - 8905 bytes
.
.
--------------------------\\\ End Report Of Of HijackThis ---------------
.
.
.
.
--------------------------\\\ Start Report Of Running Processes ---------------
.
==================================================
Process Name : smss.exe
ProcessID : 1228
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Session Manager
Company : Microsoft Corporation
Window Title :
File Size : 50,688
File Created Date : 03/08/2004 07:56:58 م
File Modified Date : 03/08/2004 07:56:58 م
Filename : C:\WINDOWS\System32\smss.exe
Base Address : 0x48580000
Created On : 02/12/2008 06:04:03 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 388 K
Mem Usage Peak : 480 K
Page Faults : 212
Pagefile Usage : 168 K
Pagefile Peak Usage : 1676 K
File Attributes : A
==================================================
==================================================
Process Name : csrss.exe
ProcessID : 1532
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Client Server Runtime Process
Company : Microsoft Corporation
Window Title :
File Size : 6,144
File Created Date : 03/08/2004 07:56:50 م
File Modified Date : 03/08/2004 07:56:50 م
Filename : C:\WINDOWS\system32\csrss.exe
Base Address : 0x4A680000
Created On : 02/12/2008 06:04:06 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4680 K
Mem Usage Peak : 4752 K
Page Faults : 8316
Pagefile Usage : 1788 K
Pagefile Peak Usage : 1788 K
File Attributes : A
==================================================
==================================================
Process Name : winlogon.exe
ProcessID : 1556
Priority : High
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Logon Application
Company : Microsoft Corporation
Window Title :
File Size : 502,272
File Created Date : 03/08/2004 07:56:58 م
File Modified Date : 03/08/2004 07:56:58 م
Filename : C:\WINDOWS\system32\winlogon.exe
Base Address : 0x01000000
Created On : 02/12/2008 06:04:07 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4968 K
Mem Usage Peak : 13204 K
Page Faults : 6257
Pagefile Usage : 6668 K
Pagefile Peak Usage : 8540 K
File Attributes : A
==================================================
==================================================
Process Name : services.exe
ProcessID : 1600
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Services and Controller app
Company : Microsoft Corporation
Window Title :
File Size : 108,032
File Created Date : 03/08/2004 07:56:56 م
File Modified Date : 03/08/2004 07:56:56 م
Filename : C:\WINDOWS\system32\services.exe
Base Address : 0x01000000
Created On : 02/12/2008 06:04:07 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4188 K
Mem Usage Peak : 4268 K
Page Faults : 1486
Pagefile Usage : 2140 K
Pagefile Peak Usage : 2304 K
File Attributes : A
==================================================
==================================================
Process Name : lsass.exe
ProcessID : 1612
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : LSA Shell (Export Version)
Company : Microsoft Corporation
Window Title :
File Size : 13,312
File Created Date : 03/08/2004 07:56:52 م
File Modified Date : 03/08/2004 07:56:52 م
Filename : C:\WINDOWS\system32\lsass.exe
Base Address : 0x01000000
Created On : 02/12/2008 06:04:07 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1528 K
Mem Usage Peak : 4832 K
Page Faults : 4024
Pagefile Usage : 3916 K
Pagefile Peak Usage : 4160 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1760
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 03/08/2004 07:56:58 م
File Modified Date : 03/08/2004 07:56:58 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 02/12/2008 06:04:08 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 5140 K
Mem Usage Peak : 5240 K
Page Faults : 1545
Pagefile Usage : 2888 K
Pagefile Peak Usage : 23528 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1804
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 03/08/2004 07:56:58 م
File Modified Date : 03/08/2004 07:56:58 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 02/12/2008 06:04:08 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 4360 K
Mem Usage Peak : 4364 K
Page Faults : 1258
Pagefile Usage : 1972 K
Pagefile Peak Usage : 2068 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1844
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 03/08/2004 07:56:58 م
File Modified Date : 03/08/2004 07:56:58 م
Filename : C:\WINDOWS\System32\svchost.exe
Base Address : 0x01000000
Created On : 02/12/2008 06:04:08 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 21380 K
Mem Usage Peak : 23152 K
Page Faults : 18407
Pagefile Usage : 14196 K
Pagefile Peak Usage : 16160 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 128
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 03/08/2004 07:56:58 م
File Modified Date : 03/08/2004 07:56:58 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 02/12/2008 06:04:09 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 4292 K
Mem Usage Peak : 4316 K
Page Faults : 1177
Pagefile Usage : 2312 K
Pagefile Peak Usage : 2384 K
File Attributes : A
==================================================
==================================================
Process Name : brsvc01a.exe
ProcessID : 560
Priority : Normal
Product Name : brother Industries Ltd brsvc01a
Version : 1, 0, 0, 3
Description : brsvc01a
Company : brother Industries Ltd
Window Title :
File Size : 57,344
File Created Date : 20/10/2008 08:48:32 ص
File Modified Date : 12/04/2002 09:00:00 ص
Filename : C:\WINDOWS\system32\brsvc01a.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:04:09 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1464 K
Mem Usage Peak : 1468 K
Page Faults : 398
Pagefile Usage : 452 K
Pagefile Peak Usage : 456 K
File Attributes : A
==================================================
==================================================
Process Name : brss01a.exe
ProcessID : 652
Priority : Normal
Product Name : brother Industries Ltd brss01a.exe
Version : 1.004
Description : brss01a.exe
Company : brother Industries Ltd
Window Title :
File Size : 45,056
File Created Date : 20/10/2008 08:48:31 ص
File Modified Date : 13/12/2001 09:01:00 ص
Filename : C:\WINDOWS\system32\brss01a.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:04:09 م
Visible Windows : 0
Hidden Windows : 2
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2204 K
Mem Usage Peak : 2204 K
Page Faults : 599
Pagefile Usage : 656 K
Pagefile Peak Usage : 656 K
File Attributes : A
==================================================
==================================================
Process Name : spoolsv.exe
ProcessID : 660
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Spooler SubSystem App
Company : Microsoft Corporation
Window Title :
File Size : 57,856
File Created Date : 03/08/2004 07:56:58 م
File Modified Date : 03/08/2004 07:56:58 م
Filename : C:\WINDOWS\system32\spoolsv.exe
Base Address : 0x01000000
Created On : 02/12/2008 06:04:09 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 7460 K
Mem Usage Peak : 7488 K
Page Faults : 2527
Pagefile Usage : 5756 K
Pagefile Peak Usage : 5996 K
File Attributes : A
==================================================
==================================================
Process Name : Explorer.EXE
ProcessID : 1236
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Explorer
Company : Microsoft Corporation
Window Title : Program Manager
File Size : 1,032,192
File Created Date : 03/08/2004 07:56:50 م
File Modified Date : 03/08/2004 07:56:50 م
Filename : C:\WINDOWS\Explorer.EXE
Base Address : 0x01000000
Created On : 02/12/2008 06:04:20 م
Visible Windows : 2
Hidden Windows : 31
User Name : USER\Administrator
Mem Usage : 31812 K
Mem Usage Peak : 34428 K
Page Faults : 33253
Pagefile Usage : 21316 K
Pagefile Peak Usage : 25292 K
File Attributes : A
==================================================
==================================================
Process Name : avp.exe
ProcessID : 1352
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 8.0.0.357
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title :
File Size : 201,992
File Created Date : 25/04/2008 02:21:30 م
File Modified Date : 25/04/2008 02:21:30 م
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:04:20 م
Visible Windows : 0
Hidden Windows : 6
User Name : USER\Administrator
Mem Usage : 3856 K
Mem Usage Peak : 7908 K
Page Faults : 5319
Pagefile Usage : 3972 K
Pagefile Peak Usage : 4056 K
File Attributes : A
==================================================
==================================================
Process Name : realsched.exe
ProcessID : 1360
Priority : Normal
Product Name : RealPlayer (32-bit)
Version : 0.1.1.45
Description : RealNetworks Scheduler
Company : RealNetworks, Inc.
Window Title :
File Size : 185,896
File Created Date : 30/09/2008 07:57:50 م
File Modified Date : 30/09/2008 07:57:50 م
Filename : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:04:20 م
Visible Windows : 0
Hidden Windows : 2
User Name : USER\Administrator
Mem Usage : 332 K
Mem Usage Peak : 2976 K
Page Faults : 7830
Pagefile Usage : 988 K
Pagefile Peak Usage : 1028 K
File Attributes :
==================================================
==================================================
Process Name : ctfmon.exe
ProcessID : 1384
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : CTF Loader
Company : Microsoft Corporation
Window Title :
File Size : 15,360
File Created Date : 03/08/2004 07:56:50 م
File Modified Date : 03/08/2004 07:56:50 م
Filename : C:\WINDOWS\system32\ctfmon.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:04:20 م
Visible Windows : 0
Hidden Windows : 5
User Name : USER\Administrator
Mem Usage : 3260 K
Mem Usage Peak : 3260 K
Page Faults : 957
Pagefile Usage : 980 K
Pagefile Peak Usage : 992 K
File Attributes : A
==================================================
==================================================
Process Name : msnmsgr.exe
ProcessID : 1396
Priority : Normal
Product Name : Messenger
Version : 8.1.0178.00
Description : Messenger
Company : Microsoft Corporation
Window Title :
File Size : 5,674,352
File Created Date : 19/01/2007 08:55:14 ص
File Modified Date : 19/01/2007 08:55:14 ص
Filename : C:\Program Files\MSN Messenger\msnmsgr.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:04:20 م
Visible Windows : 1
Hidden Windows : 31
User Name : USER\Administrator
Mem Usage : 6432 K
Mem Usage Peak : 26668 K
Page Faults : 12925
Pagefile Usage : 16600 K
Pagefile Peak Usage : 17096 K
File Attributes :
==================================================
==================================================
Process Name : avp.exe
ProcessID : 360
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 8.0.0.357
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title :
File Size : 201,992
File Created Date : 25/04/2008 02:21:30 م
File Modified Date : 25/04/2008 02:21:30 م
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:06:24 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 55356 K
Mem Usage Peak : 123928 K
Page Faults : 199258
Pagefile Usage : 48452 K
Pagefile Peak Usage : 124236 K
File Attributes : A
==================================================
==================================================
Process Name : btwdins.exe
ProcessID : 376
Priority : Normal
Product Name : Bluetooth Software 4.0.1.1500
Version : 4.0.1.1500
Description : Bluetooth Support Server
Company : Broadcom Corporation.
Window Title :
File Size : 254,007
File Created Date : 29/03/2005 12:20:28 م
File Modified Date : 29/03/2005 12:20:28 م
Filename : C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:06:25 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2948 K
Mem Usage Peak : 3304 K
Page Faults : 1237
Pagefile Usage : 2084 K
Pagefile Peak Usage : 2248 K
File Attributes : A
==================================================
==================================================
Process Name : crypserv.exe
ProcessID : 396
Priority : High
Product Name : CrypKey Software Licensing System
Version : 5.4.0
Description : CrypKey NT Service
Company : Kenonic Controls Ltd.
Window Title :
File Size : 52,224
File Created Date : 13/09/2008 06:50:53 ص
File Modified Date : 29/06/2000 08:45:10 ص
Filename : C:\WINDOWS\system32\crypserv.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:06:25 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1904 K
Mem Usage Peak : 1904 K
Page Faults : 513
Pagefile Usage : 876 K
Pagefile Peak Usage : 876 K
File Attributes : A
==================================================
==================================================
Process Name : LSSrvc.exe
ProcessID : 464
Priority : Normal
Product Name : LightScribe
Version : 1.4.124.1
Description :
Company : Hewlett-Packard Company
Window Title :
File Size : 61,440
File Created Date : 19/10/2006 09:52:24 ص
File Modified Date : 19/10/2006 09:52:24 ص
Filename : C:\Program Files\Common Files\LightScribe\LSSrvc.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:06:25 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2500 K
Mem Usage Peak : 2500 K
Page Faults : 654
Pagefile Usage : 800 K
Pagefile Peak Usage : 800 K
File Attributes : A
==================================================
==================================================
Process Name : MDM.EXE
ProcessID : 484
Priority : Normal
Product Name : Microsoft® Visual Studio .NET
Version : 7.00.9466
Description : Machine Debug Manager
Company : Microsoft Corporation
Window Title :
File Size : 322,120
File Created Date : 19/06/2003 08:25:00 م
File Modified Date : 19/06/2003 08:25:00 م
Filename : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Base Address : 0x00400000
Created On : 02/12/2008 06:06:26 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2824 K
Mem Usage Peak : 2832 K
Page Faults : 826
Pagefile Usage : 988 K
Pagefile Peak Usage : 1004 K
File Attributes : A
==================================================
==================================================
Process Name : sqlservr.exe
ProcessID : 696
Priority : Normal
Product Name : Microsoft SQL Server
Version : 2000.080.0194.00
Description : SQL Server Windows NT
Company : Microsoft Corporation
Window Title :
File Size : 7,442,493
File Created Date : 05/08/2000 09:50:20 م
File Modified Date : 05/08/2000 09:50:20 م
Filename : C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:06:26 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 19084 K
Mem Usage Peak : 19084 K
Page Faults : 5007
Pagefile Usage : 26620 K
Pagefile Peak Usage : 26620 K
File Attributes : A
==================================================
==================================================
Process Name : SMAgent.exe
ProcessID : 808
Priority : Normal
Product Name : SoundMAX service agent
Version : 3, 2, 6, 0
Description : SoundMAX service agent component
Company : Analog Devices, Inc.
Window Title :
File Size : 45,056
File Created Date : 13/09/2008 06:04:56 ص
File Modified Date : 20/09/2002 11:50:10 ص
Filename : C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:06:31 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1744 K
Mem Usage Peak : 1744 K
Page Faults : 472
Pagefile Usage : 604 K
Pagefile Peak Usage : 604 K
File Attributes : A
==================================================
==================================================
Process Name : alg.exe
ProcessID : 2332
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Application Layer Gateway Service
Company : Microsoft Corporation
Window Title :
File Size : 44,544
File Created Date : 03/08/2004 07:56:48 م
File Modified Date : 03/08/2004 07:56:48 م
Filename : C:\WINDOWS\System32\alg.exe
Base Address : 0x01000000
Created On : 02/12/2008 06:06:58 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 3464 K
Mem Usage Peak : 3464 K
Page Faults : 925
Pagefile Usage : 1196 K
Pagefile Peak Usage : 1204 K
File Attributes : A
==================================================
==================================================
Process Name : OUTLOOK.EXE
ProcessID : 4044
Priority : Normal
Product Name : Microsoft Office Outlook
Version : 12.0.4518.1014
Description : Microsoft Office Outlook
Company : Microsoft Corporation
Window Title : علبة البريد - Microsoft Outlook
File Size : 12,813,096
File Created Date : 27/10/2006 11:16:48 ص
File Modified Date : 27/10/2006 11:16:48 ص
Filename : C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Base Address : 0x30000000
Created On : 02/12/2008 06:08:28 م
Visible Windows : 2
Hidden Windows : 43
User Name : USER\Administrator
Mem Usage : 9600 K
Mem Usage Peak : 95228 K
Page Faults : 101210
Pagefile Usage : 72812 K
Pagefile Peak Usage : 77424 K
File Attributes : A
==================================================
==================================================
Process Name : iexplore.exe
ProcessID : 1516
Priority : Normal
Product Name : Windows® Internet Explorer
Version : 8.00.6001.18241 (longhorn_ie8_beta2(wmbla).080822-0214)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title : ~*¤ô§ô¤*~ منتديات نـــــور ليمــــا ~*¤ô§ô¤*~ - Windows Internet Explorer
File Size : 637,984
File Created Date : 21/08/2008 11:16:40 م
File Modified Date : 21/08/2008 11:16:40 م
Filename : C:\Program Files\internet explorer\iexplore.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:09:52 م
Visible Windows : 1
Hidden Windows : 21
User Name : USER\Administrator
Mem Usage : 3008 K
Mem Usage Peak : 19036 K
Page Faults : 21355
Pagefile Usage : 14000 K
Pagefile Peak Usage : 14376 K
File Attributes :
==================================================
==================================================
Process Name : iexplore.exe
ProcessID : 2016
Priority : Normal
Product Name : Windows® Internet Explorer
Version : 8.00.6001.18241 (longhorn_ie8_beta2(wmbla).080822-0214)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title :
File Size : 637,984
File Created Date : 21/08/2008 11:16:40 م
File Modified Date : 21/08/2008 11:16:40 م
Filename : C:\Program Files\internet explorer\iexplore.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:09:54 م
Visible Windows : 0
Hidden Windows : 32
User Name : USER\Administrator
Mem Usage : 64632 K
Mem Usage Peak : 65268 K
Page Faults : 38532
Pagefile Usage : 57740 K
Pagefile Peak Usage : 58580 K
File Attributes :
==================================================
==================================================
Process Name : WLLoginProxy.exe
ProcessID : 2544
Priority : Normal
Product Name : Microsoft® Windows Live Login Helper
Version : 4.100.313.1
Description : WLLoginProxy.exe
Company : Microsoft Corporation
Window Title :
File Size : 115,024
File Created Date : 31/08/2006 04:33:02 م
File Modified Date : 31/08/2006 04:33:02 م
Filename : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
Base Address : 0x01000000
Created On : 02/12/2008 06:09:58 م
Visible Windows : 0
Hidden Windows : 0
User Name : USER\Administrator
Mem Usage : 7500 K
Mem Usage Peak : 7516 K
Page Faults : 2005
Pagefile Usage : 4844 K
Pagefile Peak Usage : 4912 K
File Attributes : A
==================================================
==================================================
Process Name : iexplore.exe
ProcessID : 712
Priority : Normal
Product Name : Windows® Internet Explorer
Version : 8.00.6001.18241 (longhorn_ie8_beta2(wmbla).080822-0214)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title :
File Size : 637,984
File Created Date : 21/08/2008 11:16:40 م
File Modified Date : 21/08/2008 11:16:40 م
Filename : C:\Program Files\internet explorer\iexplore.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:12:26 م
Visible Windows : 0
Hidden Windows : 33
User Name : USER\Administrator
Mem Usage : 72056 K
Mem Usage Peak : 73292 K
Page Faults : 59338
Pagefile Usage : 63980 K
Pagefile Peak Usage : 65476 K
File Attributes :
==================================================
==================================================
Process Name : Spg_5s.exe
ProcessID : 3228
Priority : Normal
Product Name : مجموعة برامج الأدارة المدرسية 5.0 SQL
Version : 6.00
Description :
Company : Sakhr Software Co.
Window Title : مجموعة برامج الإدارة المدرسية - الإصدار 6.0 SQL - مدرسة مسندم للتعليم العام للصفوف 11 - 12
File Size : 1,904,640
File Created Date : 22/09/2008 01:58:57 م
File Modified Date : 19/08/2008 08:09:04 ص
Filename : C:\Program Files\Sakhr\SMS\Spg6 Client\Spg_5s.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:22:21 م
Visible Windows : 2
Hidden Windows : 6
User Name : USER\Administrator
Mem Usage : 4280 K
Mem Usage Peak : 59452 K
Page Faults : 17952
Pagefile Usage : 41416 K
Pagefile Peak Usage : 49296 K
File Attributes : A
==================================================
==================================================
Process Name : runn.exe
ProcessID : 644
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 71,680
File Created Date : 30/11/2008 03:10:02 م
File Modified Date : 31/01/2008 09:24:25 م
Filename : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bntoz\runn.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:31:48 م
Visible Windows : 0
Hidden Windows : 0
User Name : USER\Administrator
Mem Usage : 2052 K
Mem Usage Peak : 2068 K
Page Faults : 611
Pagefile Usage : 680 K
Pagefile Peak Usage : 760 K
File Attributes : A
==================================================
==================================================
Process Name : cmd.exe
ProcessID : 3744
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Command Processor
Company : Microsoft Corporation
Window Title :
File Size : 388,608
File Created Date : 03/08/2004 07:56:50 م
File Modified Date : 03/08/2004 07:56:50 م
Filename : C:\WINDOWS\system32\cmd.exe
Base Address : 0x4AD00000
Created On : 02/12/2008 06:31:52 م
Visible Windows : 0
Hidden Windows : 1
User Name : USER\Administrator
Mem Usage : 2780 K
Mem Usage Peak : 2844 K
Page Faults : 797
Pagefile Usage : 2064 K
Pagefile Peak Usage : 2132 K
File Attributes : A
==================================================
==================================================
Process Name : ntvdm.exe
ProcessID : 3944
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : NTVDM.EXE
Company : Microsoft Corporation
Window Title :
File Size : 419,840
File Created Date : 03/08/2004 07:56:56 م
File Modified Date : 03/08/2004 07:56:56 م
Filename : C:\WINDOWS\system32\ntvdm.exe
Base Address : 0x0F000000
Created On : 02/12/2008 06:31:54 م
Visible Windows : 0
Hidden Windows : 4
User Name : USER\Administrator
Mem Usage : 1044 K
Mem Usage Peak : 5076 K
Page Faults : 1817
Pagefile Usage : 2296 K
Pagefile Peak Usage : 2320 K
File Attributes : A
==================================================
==================================================
Process Name : wmiprvse.exe
ProcessID : 952
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 13/09/2008 05:47:21 ص
File Modified Date : 04/08/2004 04:00:00 م
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 02/12/2008 06:32:10 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 5508 K
Mem Usage Peak : 5508 K
Page Faults : 1433
Pagefile Usage : 2916 K
Pagefile Peak Usage : 2916 K
File Attributes : A
==================================================
==================================================
Process Name : CProcess.exe
ProcessID : 720
Priority : Normal
Product Name : CurrProcess
Version : 1.11
Description : CurrProcess
Company : NirSoft
Window Title :
File Size : 35,840
File Created Date : 30/11/2008 03:10:02 م
File Modified Date : 14/07/2005 03:46:34 ص
Filename : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bntoz\CProcess.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:32:14 م
Visible Windows : 0
Hidden Windows : 0
User Name : USER\Administrator
Mem Usage : 2104 K
Mem Usage Peak : 2156 K
Page Faults : 938
Pagefile Usage : 936 K
Pagefile Peak Usage : 992 K
File Attributes : A
==================================================
.
.
--------------------------\\\ End Report Of Running Processes ---------------
.
.
.
.
--------------------------\\\ Windows XP Startup List ---------------
.
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
autocheck autochk *
Auto Check Utility
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\autochk.exe
sprestrt
sprestrt
Restores registry to restart GUI-mode part of setup
Microsoft Corporation
5.01.2600.0000
c:\windows\system32\sprestrt.exe
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
rdpclip
rdpclip
RDP Clip Monitor
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
Userinit Logon Application
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\userinit.exe
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Explorer.exe
Explorer.exe
Windows Explorer
Microsoft Corporation
6.00.2900.2180
c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
explorer.exe
explorer.exe
Windows Explorer
Microsoft Corporation
6.00.2900.2180
c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AVP
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
Kaspersky Anti-Virus
Kaspersky Lab
8.00.0000.0357
c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe
TkBellExe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
RealNetworks Scheduler
RealNetworks, Inc.
0.01.0001.0045
c:\program files\common files\real\update_ob\realsched.exe
Adobe Reader Speed Launcher
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Adobe Acrobat SpeedLauncher
Adobe Systems Incorporated
8.00.0000.0000
c:\program files\adobe\reader 8.0\reader\reader_sl.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
CTF Loader
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\ctfmon.exe
msnmsgr
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
Messenger
Microsoft Corporation
8.01.0178.0000
c:\program files\msn messenger\msnmsgr.exe
Task Scheduler
At1.job
C:\WINDOWS\system32\SSVICHOSST.exe
File not found: C:\WINDOWS\system32\SSVICHOSST.exe
At2.job
C:\WINDOWS\system32\SSVICHOSST.exe
File not found: C:\WINDOWS\system32\SSVICHOSST.exe
User_Feed_Synchronization-{9449197F-7ADF-4AC2-9D9E-40DE2236059A}.job
C:\WINDOWS\system32\msfeedssync.exe sync
Microsoft Feeds Synchronization
Microsoft Corporation
8.00.6001.18241
c:\windows\system32\msfeedssync.exe
User_Feed_Synchronization-{BCF5D7E8-E78A-453F-A1CE-B9E55388D971}.job
C:\WINDOWS\system32\msfeedssync.exe sync
Microsoft Feeds Synchronization
Microsoft Corporation
8.00.6001.18241
c:\windows\system32\msfeedssync.exe
.
.
----------- End Report ---------------
 

Delete:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)


O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'LOCAL SERVICE')



O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'LOCAL SERVICE')



O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')



O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')



O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')



O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')



O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'NETWORK SERVICE')


O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')


O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')


O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)


How to delete:

Then download this tool and follow the explanation below.

Compatibility: Windows XP only

Usage instructions:
When you run the tool's file, this screen appears. Wait (and follow along with the screenshots).

When this screen appears, click Close so that your computer restarts (to complete the cleanup).

And good health to you.
 
With my teacher Demo's permission :d:

Do what my teacher DemoDash told you :ok:

But for the entries labeled

04

it is best that you apply the following :q:

O4


These are among the most dangerous entries to deal with, and the most difficult.
They are the startup programs and the Windows files that run when Windows boots.
The reason they are dangerous is that most viruses and spyware reside in them or are merged with Windows files, and deleting them may cause Windows to malfunction.


It is always best to scan the machine with a strong antivirus; the following is recommended:

Quote:
Download the Kaspersky tool from the following link.

After downloading, double-click and the tool's file will be extracted to a folder on the desktop; in a few moments the tool will start working.

Follow the explanation to scan and clean the machine and attach the report.

That's all, and do everything as he told you :d:


Also, these entries are the startup programs,

meaning they are the environment viruses live in.

So reduce your startup programs, it's better for you :bleh:

Good luck :d:
 
Signature: Corporation

My friend, the entries I pointed out run only once, and they belong to the N-Lite program used for customizing Windows. They serve no purpose; it is best to delete them.
I know them well. There is no danger in them, rest assured. No need for the Kaspersky tool :d:
 
The explanation is my brother Max's > I'm innocent :d:

Anyway, you understand this better than I do

:bleh:
 
Signature: Corporation
This is the report result after removing the entries you asked for

.
--------------------------\\\ Start Report Of HijackThis ---------------
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:09:19 م, on 02/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bntoz\runn.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ntvdm.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bntoz\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\Administrator\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\Administrator\Application Data\CyberScrub\Privacy Suite"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_05] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_06] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_08] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3688A0D-AC67-4991-A9B0-149A27C8A2BC}: NameServer = 212.72.1.186 212.72.23.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)
--
End of file - 8655 bytes
.
.
--------------------------\\\ End Report Of Of HijackThis ---------------
.
.
.
.
--------------------------\\\ Start Report Of Running Processes ---------------
.
==================================================
Process Name : smss.exe
ProcessID : 644
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Session Manager
Company : Microsoft Corporation
Window Title :
File Size : 50,688
File Created Date : 03/08/2004 07:56:58 م
File Modified Date : 03/08/2004 07:56:58 م
Filename : C:\WINDOWS\System32\smss.exe
Base Address : 0x48580000
Created On : 02/12/2008 06:56:51 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 408 K
Mem Usage Peak : 720 K
Page Faults : 297
Pagefile Usage : 188 K
Pagefile Peak Usage : 1696 K
File Attributes : A
==================================================
==================================================
Process Name : csrss.exe
ProcessID : 1532
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Client Server Runtime Process
Company : Microsoft Corporation
Window Title :
File Size : 6,144
File Created Date : 03/08/2004 07:56:50 م
File Modified Date : 03/08/2004 07:56:50 م
Filename : C:\WINDOWS\system32\csrss.exe
Base Address : 0x4A680000
Created On : 02/12/2008 06:56:55 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4100 K
Mem Usage Peak : 4344 K
Page Faults : 3467
Pagefile Usage : 1784 K
Pagefile Peak Usage : 1788 K
File Attributes : A
==================================================
==================================================
Process Name : winlogon.exe
ProcessID : 1556
Priority : High
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Logon Application
Company : Microsoft Corporation
Window Title :
File Size : 502,272
File Created Date : 03/08/2004 07:56:58 م
File Modified Date : 03/08/2004 07:56:58 م
Filename : C:\WINDOWS\system32\winlogon.exe
Base Address : 0x01000000
Created On : 02/12/2008 06:56:55 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 5660 K
Mem Usage Peak : 13100 K
Page Faults : 6374
Pagefile Usage : 6672 K
Pagefile Peak Usage : 8460 K
File Attributes : A
==================================================
==================================================
Process Name : services.exe
ProcessID : 1600
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Services and Controller app
Company : Microsoft Corporation
Window Title :
File Size : 108,032
File Created Date : 03/08/2004 07:56:56 م
File Modified Date : 03/08/2004 07:56:56 م
Filename : C:\WINDOWS\system32\services.exe
Base Address : 0x01000000
Created On : 02/12/2008 06:56:55 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4196 K
Mem Usage Peak : 4308 K
Page Faults : 1468
Pagefile Usage : 2124 K
Pagefile Peak Usage : 2308 K
File Attributes : A
==================================================
==================================================
Process Name : lsass.exe
ProcessID : 1612
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : LSA Shell (Export Version)
Company : Microsoft Corporation
Window Title :
File Size : 13,312
File Created Date : 03/08/2004 07:56:52 م
File Modified Date : 03/08/2004 07:56:52 م
Filename : C:\WINDOWS\system32\lsass.exe
Base Address : 0x01000000
Created On : 02/12/2008 06:56:55 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 3176 K
Mem Usage Peak : 4844 K
Page Faults : 3416
Pagefile Usage : 4012 K
Pagefile Peak Usage : 4012 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1756
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 03/08/2004 07:56:58 م
File Modified Date : 03/08/2004 07:56:58 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 02/12/2008 06:56:56 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 5180 K
Mem Usage Peak : 5228 K
Page Faults : 1539
Pagefile Usage : 2944 K
Pagefile Peak Usage : 23528 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1816
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 03/08/2004 07:56:58 م
File Modified Date : 03/08/2004 07:56:58 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 02/12/2008 06:56:57 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 4332 K
Mem Usage Peak : 4332 K
Page Faults : 1250
Pagefile Usage : 1932 K
Pagefile Peak Usage : 1932 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1856
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 03/08/2004 07:56:58 م
File Modified Date : 03/08/2004 07:56:58 م
Filename : C:\WINDOWS\System32\svchost.exe
Base Address : 0x01000000
Created On : 02/12/2008 06:56:57 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 22744 K
Mem Usage Peak : 23456 K
Page Faults : 25726
Pagefile Usage : 15652 K
Pagefile Peak Usage : 16288 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 180
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 03/08/2004 07:56:58 م
File Modified Date : 03/08/2004 07:56:58 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 02/12/2008 06:56:57 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 4312 K
Mem Usage Peak : 4312 K
Page Faults : 1156
Pagefile Usage : 2348 K
Pagefile Peak Usage : 2348 K
File Attributes : A
==================================================
==================================================
Process Name : brsvc01a.exe
ProcessID : 112
Priority : Normal
Product Name : brother Industries Ltd brsvc01a
Version : 1, 0, 0, 3
Description : brsvc01a
Company : brother Industries Ltd
Window Title :
File Size : 57,344
File Created Date : 20/10/2008 08:48:32 ص
File Modified Date : 12/04/2002 09:00:00 ص
Filename : C:\WINDOWS\system32\brsvc01a.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:56:58 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1464 K
Mem Usage Peak : 1468 K
Page Faults : 398
Pagefile Usage : 452 K
Pagefile Peak Usage : 456 K
File Attributes : A
==================================================
==================================================
Process Name : brss01a.exe
ProcessID : 676
Priority : Normal
Product Name : brother Industries Ltd brss01a.exe
Version : 1.004
Description : brss01a.exe
Company : brother Industries Ltd
Window Title :
File Size : 45,056
File Created Date : 20/10/2008 08:48:31 ص
File Modified Date : 13/12/2001 09:01:00 ص
Filename : C:\WINDOWS\system32\brss01a.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:56:58 م
Visible Windows : 0
Hidden Windows : 2
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2200 K
Mem Usage Peak : 2200 K
Page Faults : 598
Pagefile Usage : 656 K
Pagefile Peak Usage : 656 K
File Attributes : A
==================================================
==================================================
Process Name : spoolsv.exe
ProcessID : 684
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Spooler SubSystem App
Company : Microsoft Corporation
Window Title :
File Size : 57,856
File Created Date : 03/08/2004 07:56:58 م
File Modified Date : 03/08/2004 07:56:58 م
Filename : C:\WINDOWS\system32\spoolsv.exe
Base Address : 0x01000000
Created On : 02/12/2008 06:56:58 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 7464 K
Mem Usage Peak : 7476 K
Page Faults : 2429
Pagefile Usage : 5752 K
Pagefile Peak Usage : 5972 K
File Attributes : A
==================================================
==================================================
Process Name : Explorer.EXE
ProcessID : 1212
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Explorer
Company : Microsoft Corporation
Window Title : Program Manager
File Size : 1,032,192
File Created Date : 03/08/2004 07:56:50 م
File Modified Date : 03/08/2004 07:56:50 م
Filename : C:\WINDOWS\Explorer.EXE
Base Address : 0x01000000
Created On : 02/12/2008 06:57:07 م
Visible Windows : 2
Hidden Windows : 28
User Name : USER\Administrator
Mem Usage : 29740 K
Mem Usage Peak : 30000 K
Page Faults : 14018
Pagefile Usage : 19264 K
Pagefile Peak Usage : 21264 K
File Attributes : A
==================================================
==================================================
Process Name : avp.exe
ProcessID : 1308
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 8.0.0.357
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title :
File Size : 201,992
File Created Date : 25/04/2008 02:21:30 م
File Modified Date : 25/04/2008 02:21:30 م
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:57:07 م
Visible Windows : 0
Hidden Windows : 5
User Name : USER\Administrator
Mem Usage : 5020 K
Mem Usage Peak : 7920 K
Page Faults : 3940
Pagefile Usage : 3648 K
Pagefile Peak Usage : 3648 K
File Attributes : A
==================================================
==================================================
Process Name : realsched.exe
ProcessID : 1336
Priority : Normal
Product Name : RealPlayer (32-bit)
Version : 0.1.1.45
Description : RealNetworks Scheduler
Company : RealNetworks, Inc.
Window Title :
File Size : 185,896
File Created Date : 30/09/2008 07:57:50 م
File Modified Date : 30/09/2008 07:57:50 م
Filename : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:57:07 م
Visible Windows : 0
Hidden Windows : 2
User Name : USER\Administrator
Mem Usage : 200 K
Mem Usage Peak : 2852 K
Page Faults : 9213
Pagefile Usage : 1000 K
Pagefile Peak Usage : 1012 K
File Attributes :
==================================================
==================================================
Process Name : ctfmon.exe
ProcessID : 1360
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : CTF Loader
Company : Microsoft Corporation
Window Title :
File Size : 15,360
File Created Date : 03/08/2004 07:56:50 م
File Modified Date : 03/08/2004 07:56:50 م
Filename : C:\WINDOWS\system32\ctfmon.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:57:08 م
Visible Windows : 0
Hidden Windows : 5
User Name : USER\Administrator
Mem Usage : 3264 K
Mem Usage Peak : 3264 K
Page Faults : 958
Pagefile Usage : 980 K
Pagefile Peak Usage : 992 K
File Attributes : A
==================================================
==================================================
Process Name : msnmsgr.exe
ProcessID : 1384
Priority : Normal
Product Name : Messenger
Version : 8.1.0178.00
Description : Messenger
Company : Microsoft Corporation
Window Title : Windows Live Messenger
File Size : 5,674,352
File Created Date : 19/01/2007 08:55:14 ص
File Modified Date : 19/01/2007 08:55:14 ص
Filename : C:\Program Files\MSN Messenger\msnmsgr.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:57:08 م
Visible Windows : 2
Hidden Windows : 46
User Name : USER\Administrator
Mem Usage : 23988 K
Mem Usage Peak : 32364 K
Page Faults : 36754
Pagefile Usage : 41804 K
Pagefile Peak Usage : 41804 K
File Attributes :
==================================================
==================================================
Process Name : avp.exe
ProcessID : 380
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 8.0.0.357
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title :
File Size : 201,992
File Created Date : 25/04/2008 02:21:30 م
File Modified Date : 25/04/2008 02:21:30 م
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:59:12 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 25988 K
Mem Usage Peak : 123752 K
Page Faults : 115377
Pagefile Usage : 47168 K
Pagefile Peak Usage : 124372 K
File Attributes : A
==================================================
==================================================
Process Name : btwdins.exe
ProcessID : 396
Priority : Normal
Product Name : Bluetooth Software 4.0.1.1500
Version : 4.0.1.1500
Description : Bluetooth Support Server
Company : Broadcom Corporation.
Window Title :
File Size : 254,007
File Created Date : 29/03/2005 12:20:28 م
File Modified Date : 29/03/2005 12:20:28 م
Filename : C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:59:13 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2944 K
Mem Usage Peak : 3300 K
Page Faults : 1687
Pagefile Usage : 2084 K
Pagefile Peak Usage : 2276 K
File Attributes : A
==================================================
==================================================
Process Name : crypserv.exe
ProcessID : 416
Priority : High
Product Name : CrypKey Software Licensing System
Version : 5.4.0
Description : CrypKey NT Service
Company : Kenonic Controls Ltd.
Window Title :
File Size : 52,224
File Created Date : 13/09/2008 06:50:53 ص
File Modified Date : 29/06/2000 08:45:10 ص
Filename : C:\WINDOWS\system32\crypserv.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:59:13 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1908 K
Mem Usage Peak : 1908 K
Page Faults : 514
Pagefile Usage : 876 K
Pagefile Peak Usage : 876 K
File Attributes : A
==================================================
==================================================
Process Name : LSSrvc.exe
ProcessID : 484
Priority : Normal
Product Name : LightScribe
Version : 1.4.124.1
Description :
Company : Hewlett-Packard Company
Window Title :
File Size : 61,440
File Created Date : 19/10/2006 09:52:24 ص
File Modified Date : 19/10/2006 09:52:24 ص
Filename : C:\Program Files\Common Files\LightScribe\LSSrvc.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:59:13 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2504 K
Mem Usage Peak : 2504 K
Page Faults : 655
Pagefile Usage : 800 K
Pagefile Peak Usage : 800 K
File Attributes : A
==================================================
==================================================
Process Name : MDM.EXE
ProcessID : 500
Priority : Normal
Product Name : Microsoft® Visual Studio .NET
Version : 7.00.9466
Description : Machine Debug Manager
Company : Microsoft Corporation
Window Title :
File Size : 322,120
File Created Date : 19/06/2003 08:25:00 م
File Modified Date : 19/06/2003 08:25:00 م
Filename : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Base Address : 0x00400000
Created On : 02/12/2008 06:59:13 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2816 K
Mem Usage Peak : 2820 K
Page Faults : 813
Pagefile Usage : 1000 K
Pagefile Peak Usage : 1004 K
File Attributes : A
==================================================
==================================================
Process Name : sqlservr.exe
ProcessID : 788
Priority : Normal
Product Name : Microsoft SQL Server
Version : 2000.080.0194.00
Description : SQL Server Windows NT
Company : Microsoft Corporation
Window Title :
File Size : 7,442,493
File Created Date : 05/08/2000 09:50:20 م
File Modified Date : 05/08/2000 09:50:20 م
Filename : C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:59:14 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 7592 K
Mem Usage Peak : 7592 K
Page Faults : 2096
Pagefile Usage : 17892 K
Pagefile Peak Usage : 17964 K
File Attributes : A
==================================================
==================================================
Process Name : SMAgent.exe
ProcessID : 840
Priority : Normal
Product Name : SoundMAX service agent
Version : 3, 2, 6, 0
Description : SoundMAX service agent component
Company : Analog Devices, Inc.
Window Title :
File Size : 45,056
File Created Date : 13/09/2008 06:04:56 ص
File Modified Date : 20/09/2002 11:50:10 ص
Filename : C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Base Address : 0x00400000
Created On : 02/12/2008 06:59:18 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1748 K
Mem Usage Peak : 1748 K
Page Faults : 473
Pagefile Usage : 604 K
Pagefile Peak Usage : 604 K
File Attributes : A
==================================================
==================================================
Process Name : alg.exe
ProcessID : 2280
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Application Layer Gateway Service
Company : Microsoft Corporation
Window Title :
File Size : 44,544
File Created Date : 03/08/2004 07:56:48 م
File Modified Date : 03/08/2004 07:56:48 م
Filename : C:\WINDOWS\System32\alg.exe
Base Address : 0x01000000
Created On : 02/12/2008 06:59:45 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 3464 K
Mem Usage Peak : 3464 K
Page Faults : 929
Pagefile Usage : 1200 K
Pagefile Peak Usage : 1212 K
File Attributes : A
==================================================
==================================================
Process Name : wuauclt.exe
ProcessID : 2600
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)
Description : Automatic Updates
Company : Microsoft Corporation
Window Title :
File Size : 111,104
File Created Date : 13/09/2008 05:49:53 ص
File Modified Date : 03/08/2004 08:56:58 م
Filename : C:\WINDOWS\system32\wuauclt.exe
Base Address : 0x00400000
Created On : 02/12/2008 07:00:16 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 6644 K
Mem Usage Peak : 6648 K
Page Faults : 1792
Pagefile Usage : 6532 K
Pagefile Peak Usage : 6548 K
File Attributes : A
==================================================
==================================================
Process Name : OUTLOOK.EXE
ProcessID : 3576
Priority : Normal
Product Name : Microsoft Office Outlook
Version : 12.0.4518.1014
Description : Microsoft Office Outlook
Company : Microsoft Corporation
Window Title : علبة البريد - Microsoft Outlook
File Size : 12,813,096
File Created Date : 27/10/2006 11:16:48 ص
File Modified Date : 27/10/2006 11:16:48 ص
Filename : C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Base Address : 0x30000000
Created On : 02/12/2008 08:07:13 م
Visible Windows : 2
Hidden Windows : 23
User Name : USER\Administrator
Mem Usage : 14832 K
Mem Usage Peak : 30420 K
Page Faults : 20077
Pagefile Usage : 14464 K
Pagefile Peak Usage : 14472 K
File Attributes : A
==================================================
==================================================
Process Name : usnsvc.exe
ProcessID : 4076
Priority : Normal
Product Name : Messenger
Version : 8.1.0178.00
Description : Messenger Sharing USN Journal Reader Service
Company : Microsoft Corporation
Window Title :
File Size : 97,136
File Created Date : 19/01/2007 08:54:14 ص
File Modified Date : 19/01/2007 08:54:14 ص
Filename : C:\Program Files\MSN Messenger\usnsvc.exe
Base Address : 0x00400000
Created On : 02/12/2008 08:08:10 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2624 K
Mem Usage Peak : 2624 K
Page Faults : 705
Pagefile Usage : 872 K
Pagefile Peak Usage : 876 K
File Attributes : A
==================================================
==================================================
Process Name : wmiprvse.exe
ProcessID : 540
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 13/09/2008 05:47:21 ص
File Modified Date : 04/08/2004 04:00:00 م
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 02/12/2008 08:08:26 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4716 K
Mem Usage Peak : 4716 K
Page Faults : 1240
Pagefile Usage : 2464 K
Pagefile Peak Usage : 2916 K
File Attributes : A
==================================================
==================================================
Process Name : iexplore.exe
ProcessID : 816
Priority : Normal
Product Name : Windows® Internet Explorer
Version : 8.00.6001.18241 (longhorn_ie8_beta2(wmbla).080822-0214)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title : [link hidden by the forum] - Windows Internet Explorer
File Size : 637,984
File Created Date : 21/08/2008 11:16:40 م
File Modified Date : 21/08/2008 11:16:40 م
Filename : C:\Program Files\internet explorer\iexplore.exe
Base Address : 0x00400000
Created On : 02/12/2008 08:08:32 م
Visible Windows : 1
Hidden Windows : 14
User Name : USER\Administrator
Mem Usage : 4040 K
Mem Usage Peak : 17964 K
Page Faults : 6066
Pagefile Usage : 11624 K
Pagefile Peak Usage : 13136 K
File Attributes :
==================================================
==================================================
Process Name : iexplore.exe
ProcessID : 1652
Priority : Normal
Product Name : Windows® Internet Explorer
Version : 8.00.6001.18241 (longhorn_ie8_beta2(wmbla).080822-0214)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title :
File Size : 637,984
File Created Date : 21/08/2008 11:16:40 م
File Modified Date : 21/08/2008 11:16:40 م
Filename : C:\Program Files\internet explorer\iexplore.exe
Base Address : 0x00400000
Created On : 02/12/2008 08:08:36 م
Visible Windows : 0
Hidden Windows : 22
User Name : USER\Administrator
Mem Usage : 37668 K
Mem Usage Peak : 37800 K
Page Faults : 16213
Pagefile Usage : 30632 K
Pagefile Peak Usage : 30664 K
File Attributes :
==================================================
==================================================
Process Name : WLLoginProxy.exe
ProcessID : 2408
Priority : Normal
Product Name : Microsoft® Windows Live Login Helper
Version : 4.100.313.1
Description : WLLoginProxy.exe
Company : Microsoft Corporation
Window Title :
File Size : 115,024
File Created Date : 31/08/2006 04:33:02 م
File Modified Date : 31/08/2006 04:33:02 م
Filename : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
Base Address : 0x01000000
Created On : 02/12/2008 08:08:39 م
Visible Windows : 0
Hidden Windows : 0
User Name : USER\Administrator
Mem Usage : 7508 K
Mem Usage Peak : 7516 K
Page Faults : 1996
Pagefile Usage : 4892 K
Pagefile Peak Usage : 4912 K
File Attributes : A
==================================================
==================================================
Process Name : runn.exe
ProcessID : 1928
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 71,680
File Created Date : 02/12/2008 04:08:56 م
File Modified Date : 31/01/2008 09:24:25 م
Filename : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bntoz\runn.exe
Base Address : 0x00400000
Created On : 02/12/2008 08:08:56 م
Visible Windows : 0
Hidden Windows : 0
User Name : USER\Administrator
Mem Usage : 2060 K
Mem Usage Peak : 2076 K
Page Faults : 613
Pagefile Usage : 768 K
Pagefile Peak Usage : 848 K
File Attributes : A
==================================================
==================================================
Process Name : cmd.exe
ProcessID : 236
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Command Processor
Company : Microsoft Corporation
Window Title :
File Size : 388,608
File Created Date : 03/08/2004 07:56:50 م
File Modified Date : 03/08/2004 07:56:50 م
Filename : C:\WINDOWS\system32\cmd.exe
Base Address : 0x4AD00000
Created On : 02/12/2008 08:09:00 م
Visible Windows : 0
Hidden Windows : 1
User Name : USER\Administrator
Mem Usage : 2780 K
Mem Usage Peak : 2844 K
Page Faults : 801
Pagefile Usage : 2060 K
Pagefile Peak Usage : 2136 K
File Attributes : A
==================================================
==================================================
Process Name : ntvdm.exe
ProcessID : 952
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : NTVDM.EXE
Company : Microsoft Corporation
Window Title :
File Size : 419,840
File Created Date : 03/08/2004 07:56:56 م
File Modified Date : 03/08/2004 07:56:56 م
Filename : C:\WINDOWS\system32\ntvdm.exe
Base Address : 0x0F000000
Created On : 02/12/2008 08:09:04 م
Visible Windows : 0
Hidden Windows : 4
User Name : USER\Administrator
Mem Usage : 1076 K
Mem Usage Peak : 5036 K
Page Faults : 1816
Pagefile Usage : 2296 K
Pagefile Peak Usage : 2320 K
File Attributes : A
==================================================
==================================================
Process Name : wmiprvse.exe
ProcessID : 2524
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 13/09/2008 05:47:21 ص
File Modified Date : 04/08/2004 04:00:00 م
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 02/12/2008 08:09:17 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 5500 K
Mem Usage Peak : 5500 K
Page Faults : 1431
Pagefile Usage : 2916 K
Pagefile Peak Usage : 2916 K
File Attributes : A
==================================================
==================================================
Process Name : CProcess.exe
ProcessID : 3180
Priority : Normal
Product Name : CurrProcess
Version : 1.11
Description : CurrProcess
Company : NirSoft
Window Title :
File Size : 35,840
File Created Date : 02/12/2008 04:08:56 م
File Modified Date : 14/07/2005 03:46:34 ص
Filename : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bntoz\CProcess.exe
Base Address : 0x00400000
Created On : 02/12/2008 08:09:19 م
Visible Windows : 0
Hidden Windows : 0
User Name : USER\Administrator
Mem Usage : 2088 K
Mem Usage Peak : 2140 K
Page Faults : 941
Pagefile Usage : 936 K
Pagefile Peak Usage : 992 K
File Attributes : A
==================================================
.
.
--------------------------\\\ End Report Of Running Processes ---------------
.
.
.
.
--------------------------\\\ Windows XP Startup List ---------------
.
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
autocheck autochk *
Auto Check Utility
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\autochk.exe
sprestrt
sprestrt
Restores registry to restart GUI-mode part of setup
Microsoft Corporation
5.01.2600.0000
c:\windows\system32\sprestrt.exe
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
rdpclip
rdpclip
RDP Clip Monitor
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
Userinit Logon Application
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\userinit.exe
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Explorer.exe
Explorer.exe
Windows Explorer
Microsoft Corporation
6.00.2900.2180
c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
explorer.exe
explorer.exe
Windows Explorer
Microsoft Corporation
6.00.2900.2180
c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AVP
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
Kaspersky Anti-Virus
Kaspersky Lab
8.00.0000.0357
c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe
TkBellExe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
RealNetworks Scheduler
RealNetworks, Inc.
0.01.0001.0045
c:\program files\common files\real\update_ob\realsched.exe
Adobe Reader Speed Launcher
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Adobe Acrobat SpeedLauncher
Adobe Systems Incorporated
8.00.0000.0000
c:\program files\adobe\reader 8.0\reader\reader_sl.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
CTF Loader
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\ctfmon.exe
msnmsgr
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
Messenger
Microsoft Corporation
8.01.0178.0000
c:\program files\msn messenger\msnmsgr.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
Privacy Suite
"C:\Documents and Settings\Administrator\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\Administrator\Application Data\CyberScrub\Privacy Suite"
Privacy Suite (TM)
CyberScrub LLC
4.07.0000.0139
c:\documents and settings\administrator\application data\cleaner\cspseraser.exe
Task Scheduler
At1.job
C:\WINDOWS\system32\SSVICHOSST.exe
File not found: C:\WINDOWS\system32\SSVICHOSST.exe
At2.job
C:\WINDOWS\system32\SSVICHOSST.exe
File not found: C:\WINDOWS\system32\SSVICHOSST.exe
User_Feed_Synchronization-{9449197F-7ADF-4AC2-9D9E-40DE2236059A}.job
C:\WINDOWS\system32\msfeedssync.exe sync
Microsoft Feeds Synchronization
Microsoft Corporation
8.00.6001.18241
c:\windows\system32\msfeedssync.exe
User_Feed_Synchronization-{BCF5D7E8-E78A-453F-A1CE-B9E55388D971}.job
C:\WINDOWS\system32\msfeedssync.exe sync
Microsoft Feeds Synchronization
Microsoft Corporation
8.00.6001.18241
c:\windows\system32\msfeedssync.exe
.
.
----------- End Report ---------------
 
I have a problem with my computer: it is slow at startup. It takes a long time for the icons in the bar next to the clock to finish loading, and I don't know what the cause is.
 
You still have these entries left; they have not been deleted yet:

O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\Administrator\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\Administrator\Application Data\CyberScrub\Privacy Suite"


O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'LOCAL SERVICE')


O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'NETWORK SERVICE')


O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_05] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')



O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_06] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')



O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'NETWORK SERVICE')



O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_08] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'NETWORK SERVICE')



O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)


Then post a new report.
 
I have a problem with my computer: it is slow at startup. It takes a long time for the icons in the bar next to the clock to finish loading, and I don't know what the cause is.


Sorry, please do the following.

From Start, choose Run and type the following command:

msconfig

Then click OK.

The application window will appear:

system configuration utility

Do the following:

Uncheck all the entries

except your antivirus.
The example here uses Kaspersky; apply the same to your own machine.

Then agree to the restart.

After restarting the computer, delete the remaining entries I told you about.

They are the cause of the computer's slowness.
 
This is the result:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:58:02 م, on 02/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\internet explorer\iexplore.exe
D:\براااااااااامج\برامج وادوات حماية\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum]

O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) - [link hidden by the forum]
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3688A0D-AC67-4991-A9B0-149A27C8A2BC}: NameServer = 212.72.1.186 212.72.23.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)
--
End of file - 7598 bytes
 
Thank God, there are fewer now. Only these are left:

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')



O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'NETWORK SERVICE')



O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'NETWORK SERVICE')


Of course, delete the entries after this step:

From Start, choose Run and type the following command:

msconfig

Then click OK.

The application window will appear:

system configuration utility

Do the following:

Uncheck all the entries

except your antivirus.
The example here uses Kaspersky; apply the same to your own machine.

Then agree to the restart.

After restarting the computer, delete the remaining entries I told you about.

If you have already done it, that's it.
 
The result now:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:13:44 م, on 02/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\internet explorer\iexplore.exe
D:\براااااااااامج\برامج وادوات حماية\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3688A0D-AC67-4991-A9B0-149A27C8A2BC}: NameServer = 212.72.1.186 212.72.23.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)
--
End of file - 7348 bytes
 
Only this one entry is left:

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'NETWORK SERVICE')

And your computer will be 100% fine, God willing.
 
The result now:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:24:55 م, on 02/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
D:\براااااااااامج\برامج وادوات حماية\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3688A0D-AC67-4991-A9B0-149A27C8A2BC}: NameServer = 212.72.1.186 212.72.23.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)
--
End of file - 7303 bytes
 
The report is clean now.

Praise be to God.

If you need any other help, don't hesitate to ask.

Good luck.
 