• Thread starter: أبوعوض
  • Views: 1,899

أبوعوض

Here is the report:

Logfile of HijackThis v1.99.1
Scan saved at 02:18:03 ص, on 25/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\metx\سطح المكتب\Portable TuneUp Utilities 2009 V8.0.1100-Final\TuneUpPortable\App\TuneUp\MemOptimizer.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.125\HijackThis.exe
C:\Program Files\Windows Media Player\wmplayer.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[link hidden by the forum: log in or register to view it]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {B88C35D6-49AF-4189-A03E-670DBA6C3E35} - (no file)
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: $sha1RSA$ - {70EC7319-7EB4-4A50-B0C7-97A7CDA92E9A} - C:\Program Files\IEToolbar\e.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Documents and Settings\metx\سطح المكتب\Portable TuneUp Utilities 2009 V8.0.1100-Final\TuneUpPortable\App\TuneUp\MemOptimizer.exe" autostart
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: عمادة التعاملات الإلكترونية والإتصالات - {5CAE37E7-FF3D-4C1E-B801-ABCB2B83149E} - C:\Program Files\IEToolbar\e.dll
O9 - Extra 'Tools' menuitem: عمادة التعاملات الإلكترونية والإتصالات - {5CAE37E7-FF3D-4C1E-B801-ABCB2B83149E} - C:\Program Files\IEToolbar\e.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.117;85.255.112.26
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.117;85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.117;85.255.112.26
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avgamsvr.exe (file missing)
O23 - Service: AVG7 Kernel (Avg7Core) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avg7core.sys (file missing)
O23 - Service: AVG7 Wrap Driver (Avg7RsW) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avg7rsw.sys (file missing)
O23 - Service: AVG7 Resident Driver XP (Avg7RsXP) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avg7rsxp.sys (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avgupsvc.exe (file missing)
O23 - Service: AVG7 Clean Driver (AvgClean) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avgclean.sys (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avgemc.exe (file missing)
O23 - Service: AVG Network Redirector (AvgTdi) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avgtdi.sys (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


Thank you, much appreciated.
 
Signature: أبوعوض
Run this scan in Safe Mode.

Download link for the latest version of the tool:
[link hidden by the forum: log in or register to view it]

How to use it:
Run the file SmitfraudFix.exe and follow the steps as shown in these images:

[Images: 000.png, 001.png, 002.png, 003.png, 004.png, 005.png]
 
Doing what's needed in Safe Mode now.

Although the images did not show up for me, my dear friend :)
 
Signature: أبوعوض
Please explain the steps to me in text.

I know how to work with it, but what should I do: run Search or Clean?
 
Signature: أبوعوض
Here is its report:

SmitFraudFix v2.388
Scan done at 3:08:44.79, Sun 01/25/2009
Run from C:\Documents and Settings\metx\Application Data\IDM\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\metx\سطح المكتب\Portable TuneUp Utilities 2009 V8.0.1100-Final\TuneUpPortable\App\TuneUp\MemOptimizer.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.125\HijackThis.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\
C:\autorun.inf FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\metx

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\metx\LOCALS~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\metx\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\metx\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="ںé­ه¥، ںé©‍ï«ï، ںé¥ںéï،"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: بطاقة Dell Wireless 1390 WLAN Mini-Card اللاسلكية - منفذ مصغر لجدولة الحزم
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{74F1C394-E5FB-464D-B795-A4E996704B2C}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{74F1C394-E5FB-464D-B795-A4E996704B2C}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{74F1C394-E5FB-464D-B795-A4E996704B2C}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.113.117;85.255.112.26
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.113.117;85.255.112.26
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.113.117;85.255.112.26

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
 
Signature: أبوعوض
Brother, the images are visible.
Try this link:

[link hidden by the forum: log in or register to view it]

In any case, when you run the tool, choose the second option.
 
I ran Clean in Safe Mode with the Smit program.

And this is the report:

SmitFraudFix v2.391
Scan done at 3:39:16.84, Sun 01/25/2009
Run from C:\Documents and Settings\metx\My Documents\Downloads\Programs\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
Problem while deleting C:\autorun.inf
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{74F1C394-E5FB-464D-B795-A4E996704B2C}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{74F1C394-E5FB-464D-B795-A4E996704B2C}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{74F1C394-E5FB-464D-B795-A4E996704B2C}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.113.117;85.255.112.26
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.113.117;85.255.112.26
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.113.117;85.255.112.26

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
 
Signature: أبوعوض
HijackThis report, please.
 
Here is the report, and sorry for the delay.


Logfile of HijackThis v1.99.1
Scan saved at 16:00:41, on 25/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ONSPEED\onspeedcore.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Documents and Settings\metx\سطح المكتب\Portable TuneUp Utilities 2009 V8.0.1100-Final\TuneUpPortable\App\TuneUp\MemOptimizer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\ONSPEED\onspeedgui.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.157\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5405
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {B88C35D6-49AF-4189-A03E-670DBA6C3E35} - (no file)
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: ONSPEED Toolbar - {4E7BD74F-2B8D-469E-84BA-B830E8D4E122} - C:\PROGRA~1\ONSPEE~1\ONSPEE~1.DLL
O2 - BHO: $sha1RSA$ - {70EC7319-7EB4-4A50-B0C7-97A7CDA92E9A} - C:\Program Files\IEToolbar\e.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll
O2 - BHO: Prefetch - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files\ONSPEED\Prefetch.dll
O3 - Toolbar: ONSPEED Toolbar - {4E7BD74F-2B8D-469E-84BA-B830E8D4E122} - C:\PROGRA~1\ONSPEE~1\ONSPEE~1.DLL
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\ONSPEED\onspeedcore.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Documents and Settings\metx\سطح المكتب\Portable TuneUp Utilities 2009 V8.0.1100-Final\TuneUpPortable\App\TuneUp\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Thinstall Setup Capture Continue] "C:\Program Files\VMware\VMware ThinApp\Setup Capture.exe" "C:\Program Files\VMware\VMware ThinApp\{6188A4AA-955D-4736-96E7-D8F27899D1C0}.snapshot" "C:\Program Files\VMware\VMware ThinApp\{8242B39D-97D6-48ED-8727-69B86F289874}.snapshot" "C:\ HKEY_LOCAL_MACHINE HKEY_USERS"
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: ONSPEED.lnk = C:\Program Files\ONSPEED\onspeedgui.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\ONSPEED\gui_resource.dll/327
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\ONSPEED\gui_resource.dll/328
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: عمادة التعاملات الإلكترونية والإتصالات - {5CAE37E7-FF3D-4C1E-B801-ABCB2B83149E} - C:\Program Files\IEToolbar\e.dll
O9 - Extra 'Tools' menuitem: عمادة التعاملات الإلكترونية والإتصالات - {5CAE37E7-FF3D-4C1E-B801-ABCB2B83149E} - C:\Program Files\IEToolbar\e.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.117;85.255.112.26
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.117;85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.117;85.255.112.26
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avgamsvr.exe (file missing)
O23 - Service: AVG7 Kernel (Avg7Core) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avg7core.sys (file missing)
O23 - Service: AVG7 Wrap Driver (Avg7RsW) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avg7rsw.sys (file missing)
O23 - Service: AVG7 Resident Driver XP (Avg7RsXP) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avg7rsxp.sys (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avgupsvc.exe (file missing)
O23 - Service: AVG7 Clean Driver (AvgClean) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avgclean.sys (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avgemc.exe (file missing)
O23 - Service: AVG Network Redirector (AvgTdi) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avgtdi.sys (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
 
Signature: أبوعوض
It was not cleaned.
Redo the cleaning using option number 5.

[Image: 004.png]
 
In Safe Mode or directly...??

And sorry for the bother.
 
Signature: أبوعوض
In Safe Mode.
 
Cleaning it in Safe Mode now..
 
Signature: أبوعوض
Cleaning was done using option number five.

And a HijackThis report was made:


Logfile of HijackThis v1.99.1
Scan saved at 01:30:10, on 26/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ONSPEED\onspeedcore.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\metx\سطح المكتب\Portable TuneUp Utilities 2009 V8.0.1100-Final\TuneUpPortable\App\TuneUp\MemOptimizer.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ONSPEED\onspeedgui.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\metx\سطح المكتب\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5405
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {B88C35D6-49AF-4189-A03E-670DBA6C3E35} - (no file)
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: ONSPEED Toolbar - {4E7BD74F-2B8D-469E-84BA-B830E8D4E122} - C:\PROGRA~1\ONSPEE~1\ONSPEE~1.DLL
O2 - BHO: $sha1RSA$ - {70EC7319-7EB4-4A50-B0C7-97A7CDA92E9A} - C:\Program Files\IEToolbar\e.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll
O2 - BHO: Prefetch - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files\ONSPEED\Prefetch.dll
O3 - Toolbar: ONSPEED Toolbar - {4E7BD74F-2B8D-469E-84BA-B830E8D4E122} - C:\PROGRA~1\ONSPEE~1\ONSPEE~1.DLL
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\ONSPEED\onspeedcore.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Documents and Settings\metx\سطح المكتب\Portable TuneUp Utilities 2009 V8.0.1100-Final\TuneUpPortable\App\TuneUp\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Thinstall Setup Capture Continue] "C:\Program Files\VMware\VMware ThinApp\Setup Capture.exe" "C:\Program Files\VMware\VMware ThinApp\{6188A4AA-955D-4736-96E7-D8F27899D1C0}.snapshot" "C:\Program Files\VMware\VMware ThinApp\{8242B39D-97D6-48ED-8727-69B86F289874}.snapshot" "C:\ HKEY_LOCAL_MACHINE HKEY_USERS"
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: ONSPEED.lnk = C:\Program Files\ONSPEED\onspeedgui.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\ONSPEED\gui_resource.dll/327
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\ONSPEED\gui_resource.dll/328
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: عمادة التعاملات الإلكترونية والإتصالات - {5CAE37E7-FF3D-4C1E-B801-ABCB2B83149E} - C:\Program Files\IEToolbar\e.dll
O9 - Extra 'Tools' menuitem: عمادة التعاملات الإلكترونية والإتصالات - {5CAE37E7-FF3D-4C1E-B801-ABCB2B83149E} - C:\Program Files\IEToolbar\e.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.117;85.255.112.26
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.117;85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.117;85.255.112.26
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avgamsvr.exe (file missing)
O23 - Service: AVG7 Kernel (Avg7Core) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avg7core.sys (file missing)
O23 - Service: AVG7 Wrap Driver (Avg7RsW) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avg7rsw.sys (file missing)
O23 - Service: AVG7 Resident Driver XP (Avg7RsXP) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avg7rsxp.sys (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avgupsvc.exe (file missing)
O23 - Service: AVG7 Clean Driver (AvgClean) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avgclean.sys (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avgemc.exe (file missing)
O23 - Service: AVG Network Redirector (AvgTdi) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avgtdi.sys (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
 
Signature: أبوعوض
The latest report was sent by private message :)

Signature: أبوعوض
The tool was downloaded and run, and it did a restart. Of course, I stopped the protection program.

And thank God, it finished its work and deleted a lot :)

And this is its report:

******** 09-01-21.04 - metx 01/26/2009 13:05:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.2550.1935 [GMT 3:00]
Running from: c:\documents and settings\metx\My Documents\Downloads\Programs\********.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
FW: ESET Personal firewall *enabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\IEToolbar
c:\program files\IEToolbar\autosearch_plugin.dll
c:\program files\IEToolbar\basis.xml
c:\program files\IEToolbar\channel.tmpl
c:\program files\IEToolbar\*******.tmpl
c:\program files\IEToolbar\e.crc
c:\program files\IEToolbar\e.dll
c:\program files\IEToolbar\E_BMP2.bmp
c:\program files\IEToolbar\favicon.ico
c:\program files\IEToolbar\info.txt
c:\program files\IEToolbar\marquee.tmpl
c:\program files\IEToolbar\RSSReader_plugin.dll
c:\program files\IEToolbar\siteActiv_plugin.dll
c:\program files\IEToolbar\tbhelper.dll
c:\program files\IEToolbar\uninstall.exe
c:\program files\IEToolbar\version.txt
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\kakle.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\x64
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ISODRIVE
-------\Service_ISODrive

((((((((((((((((((((((((( Files Created from 2008-12-26 to 2009-01-26 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-26 10:08 --------- d-----w c:\documents and settings\metx\Application Data\DMCache
2009-01-26 09:49 --------- d-----w c:\documents and settings\metx\Application Data\SlipStream
2009-01-26 09:18 --------- d-----w c:\documents and settings\user2\Application Data\SlipStream
2009-01-25 18:52 --------- d-----w c:\documents and settings\metx\Application Data\IDM
2009-01-25 11:03 --------- d-----w c:\program files\onspeed_toolbar
2009-01-25 11:03 --------- d-----w c:\program files\ONSPEED
2009-01-25 11:03 --------- d-----w c:\documents and settings\metx\Application Data\ONSPEED_TOOLBAR
2009-01-24 21:04 --------- d-----w c:\documents and settings\metx\Application Data\Thinstall
2009-01-23 21:10 --------- d-----w c:\documents and settings\metx\Application Data\IEPro
2009-01-23 21:09 --------- d-----w c:\documents and settings\metx\Application Data\ESET
2009-01-23 21:01 --------- d-----w c:\program files\Corel
2009-01-23 21:00 --------- d-----w c:\documents and settings\metx\Application Data\Ulead Systems
2009-01-23 21:00 --------- d-----w c:\documents and settings\metx\Application Data\Nokia
2009-01-23 20:58 --------- d-----w c:\program files\Easy GIF Animator
2009-01-23 20:57 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-23 18:21 32,574 ----a-w c:\windows\CRACK_safe_mod.exe
2009-01-23 13:27 --------- d-----w c:\documents and settings\metx\Application Data\AVG7
2009-01-23 13:26 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2009-01-23 13:26 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
2009-01-22 23:07 --------- d-----w c:\program files\iVocalize Web Conference 4
2009-01-22 22:13 --------- d-----w c:\program files\Samy Soft
2009-01-18 20:09 --------- d-----w c:\program files\LeapFTP
2009-01-18 12:00 --------- d-----w c:\program files\Setup Factory 7.0
2009-01-18 12:00 --------- d-----w c:\documents and settings\metx\Application Data\IndigoRose
2009-01-18 10:08 --------- d-----w c:\program files\ESET
2009-01-17 20:56 88 --sh--r c:\documents and settings\All Users\Application Data\44D13C70A4.sys
2009-01-17 20:56 2,672 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-01-17 20:23 --------- d-----w c:\documents and settings\metx\Application Data\Corel
2009-01-17 20:19 --------- d-----w c:\documents and settings\metx\Application Data\كورل
2009-01-17 20:18 --------- d-----w c:\program files\Common Files\Protexis
2009-01-17 20:18 --------- d-----w c:\documents and settings\All Users\Application Data\Corel
2009-01-17 20:16 --------- d-----w c:\program files\Common Files\Corel
2009-01-17 16:58 --------- d-----w c:\program files\USB Disk Security
2009-01-17 08:48 --------- d-----w c:\program files\PE Explorer
2009-01-16 22:00 --------- d-----w c:\program files\UltraISO
2009-01-16 22:00 --------- d-----w c:\program files\Common Files\EZB Systems
2009-01-16 12:52 --------- d-----w c:\program files\RealDrawPRO4
2009-01-15 15:09 --------- d-----w c:\documents and settings\user2\Application Data\ONSPEED_TOOLBAR
2009-01-15 13:40 --------- d-----w c:\program files\CompactDraw
2009-01-15 13:24 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2009-01-13 09:48 --------- d-----w c:\documents and settings\metx\Application Data\Ahead
2009-01-12 23:21 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-12 23:21 --------- d-----w c:\program files\Common Files\InterVideo
2009-01-12 23:20 --------- d-----w c:\program files\Windows Media Components
2009-01-12 12:51 --------- d-----w c:\program files\TeamViewer
2009-01-12 12:51 --------- d-----w c:\documents and settings\metx\Application Data\TeamViewer
2009-01-12 12:19 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
2009-01-12 12:19 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2009-01-12 11:29 --------- d-----w c:\program files\Trojan Remover
2009-01-11 23:30 --------- d-----w c:\documents and settings\metx\Application Data\pe explorer
2009-01-11 22:45 --------- d-----w c:\documents and settings\metx\Application Data\Simply Super Software
2009-01-11 22:20 --------- d-----w c:\documents and settings\metx\Application Data\CyberScrub
2009-01-11 22:20 --------- d-----w c:\documents and settings\metx\Application Data\cleaner
2009-01-11 21:34 --------- d-----w c:\program files\Google
2009-01-11 21:18 --------- d-----w c:\program files\Axialis
2009-01-10 19:40 --------- d-----w c:\program files\Stardock
2009-01-10 15:37 --------- d-----w c:\documents and settings\user2\Application Data\ESET
2009-01-10 09:46 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-01-09 21:54 --------- d-----w c:\program files\IEPro
2009-01-09 19:33 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2009-01-08 22:00 --------- d-----w c:\documents and settings\metx\Application Data\URSoft
2009-01-08 16:12 --------- d-----w c:\documents and settings\metx\Application Data\Axialis
2009-01-06 19:06 --------- d-----w c:\program files\IconCool Software
2009-01-06 18:06 --------- d-----w c:\program files\Lingobit Localizer
2009-01-06 18:06 --------- d-----w c:\program files\Common Files\Crystal Decisions
2009-01-06 17:34 --------- d-----w c:\program files\YouTube Downloader
2009-01-05 12:45 --------- d-----w c:\program files\Driver Magician
2009-01-05 10:59 --------- d-----w c:\program files\TechSmith
2009-01-04 21:41 --------- d-----w c:\program files\Common Files\Adobe
2009-01-04 15:40 --------- d-----w c:\program files\VMware
2009-01-04 15:31 --------- d-----w c:\program files\Microsoft ActiveSync
2009-01-04 15:29 --------- d-----w c:\program files\Microsoft Works
2009-01-04 15:27 --------- d-----w c:\program files\Microsoft.NET
2009-01-04 12:17 --------- d-----w c:\documents and settings\metx\Application Data\MAXON
2009-01-04 10:53 --------- d-----w c:\program files\Ringz Studio
2009-01-04 10:53 --------- d-----w c:\program files\Modem Diagnostic Tool
2009-01-04 10:53 --------- d-----w c:\program files\EA Games
2009-01-04 10:53 --------- d-----w c:\program files\CONEXANT
2009-01-04 10:53 --------- d-----w c:\program files\Common Files\Axara
2009-01-04 10:53 --------- d-----w c:\program files\AliveMedia
2009-01-02 14:01 --------- d-----w c:\documents and settings\metx\Application Data\PC Suite
2008-12-31 22:08 --------- d-----w c:\program files\Windows Mobile Resources
2008-12-30 08:20 --------- d-----w c:\program files\Alwil Software
2008-12-30 07:45 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-30 07:44 --------- d-----w c:\program files\Common Files\Real
2008-12-29 11:42 --------- d-----w c:\program files\Symantec AntiVirus
2008-12-29 11:42 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-29 11:42 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-29 11:38 622,624 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-12-29 11:38 4,256 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-12-29 11:38 3,455,008 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-29 11:38 29,120 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-29 11:37 --------- d-----w c:\documents and settings\All Users\Application Data\avg8(2)
2008-12-28 17:36 --------- d-----w c:\program files\Common Files\eSellerate
2008-12-27 23:22 --------- d-----w c:\program files\Internet Download Manager
2008-12-19 12:44 59,692 ----a-w c:\windows\BricoPackUninst.cmd
2008-12-19 12:44 5,360 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2008-12-14 04:09 --------- d-----w c:\documents and settings\metx\Application Data\Nokia Multimedia Player
2008-12-09 20:04 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-09 07:00 --------- d-----w c:\documents and settings\metx\Application Data\Leadertech
.
------- Sigcheck -------
01/23/2009 09:25 PM 501248 02b900d9e95e4d560b4ee224b0bac0b6 c:\windows\system32\winlogon.exe
08/04/2004 12:56 AM 973312 a10b8a9309fee2bf9ee6538693844d77 c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [12/23/2008 02:05 PM 2741680]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 01:39 PM 1289000]
"TuneUp MemOptimizer"="c:\documents and settings\metx\سطح المكتب\Portable TuneUp Utilities 2009 V8.0.1100-Final\TuneUpPortable\App\TuneUp\MemOptimizer.exe" [11/20/2008 06:28 PM 155904]
"Thinstall Setup Capture Continue"="c:\program files\VMware\VMware ThinApp\Setup Capture.exe" [06/23/2008 07:07 AM 6469738]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [11/28/2008 06:01 PM 185896]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [10/24/2008 08:50 PM 1451264]
"SlipStream"="c:\program files\ONSPEED\onspeedcore.exe" [07/24/2008 04:53 AM 344064]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:56 AM 110592 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [06/19/2007 10:17 AM 1241088]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-05-17 568176]
ONSPEED.lnk - c:\program files\ONSPEED\onspeedgui.exe [2009-01-25 229376]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^ONSPEED.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\ONSPEED.lnk
backup=c:\windows\pss\ONSPEED.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 03/08/2007 04:38 AM 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 08/04/2004 12:56 AM 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 01/19/2007 12:55 PM 5674352 c:\program files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream]
--a------ 07/24/2008 04:53 AM 344064 c:\program files\ONSPEED\onspeedcore.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 11/09/2006 03:07 PM 49263 c:\program files\Java\jre1.5.0_10\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 11/28/2008 06:01 PM 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\LeapFTP\\LeapFTP.exe"=
"c:\\Program Files\\LeapFTP\\ar\\LeapFTP.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"d:\\VMWare ThinApp 4.0.0.200\\Captures\\TeamViewer 4\\bin\\TeamViewer 4.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\ar\\TeamViewer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-10-24 468224]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [2008-12-28 1694592]
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{B88C35D6-49AF-4189-A03E-670DBA6C3E35} - (no file)
BHO-{70EC7319-7EB4-4A50-B0C7-97A7CDA92E9A} - c:\program files\IEToolbar\e.dll
WebBrowser-{5CAE37E7-FF3D-4C1E-B801-ABCB2B83149E} - c:\program files\IEToolbar\e.dll
Notify-dimsntfy - (no file)
Notify-NavLogon - (no file)

.
------- Supplementary Scan -------
.
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = <local>;127.0.0.1:5405;*update.microsoft.com;*windowsupdate.com;download.microsoft.com;codecs.microsoft.com;activex.microsoft.com;liveupdate.symantecliveupdate.com;download.mcafee.com;*.phobos.apple.com;update.adobe.com;*.networkassociates.com;*.nai.com;service1.symantec.com;*.f863.mail.yahoo.com;*.apple.com.edgesuite.net;idisk.apple.com;*.hotmail.com;*.hotmail.msn.com;sitebuilder.wanadoo.co.uk;*.car4rental.com;10.*;192.*;172.*;*.mysite.wanadoo-members.co.uk;mysite.orange.co.uk;*.mysite.orange.co.uk;update.microsoft.com;windowsupdate.microsoft.com;stats.microsoft.com;c.microsoft.com;*.mysite.wanadoo-members.co.uk;mysite.orange.co.uk;*.mysite.orange.co.uk;*.symantec.com;download.onspeed.com;*windowsupdate.microsoft.com;liveupdate.symantec.com;click2service.tele2.se;*.click2service.tele2.se;*.microsoft.com;wanadoo-members.co.uk/sitename;sitename.mysite.wanadoo-members.co.uk;mysite.orange.co.uk/sitename;sitename.mysite.orange.co.uk;mail.tesco.net;mail.live.com;*.mail.yahoo.com;*.update.microsoft.com;swupdate.apple.com;wsidecar.apple.com;appldnld.apple.com.edgesuite.net;*.bbt.yahoo.co.jp;webmail.tugab.bg;*.webdevleti.com;localhost
uInternet Settings,ProxyServer = http=127.0.0.1:5405
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Show All Original Images - c:\program files\ONSPEED\gui_resource.dll/327
IE: Show Original Image - c:\program files\ONSPEED\gui_resource.dll/328
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll
IE: {{5CAE37E7-FF3D-4C1E-B801-ABCB2B83149E} - {5CAE37E7-FF3D-4C1E-B801-ABCB2B83149E} - c:\program files\IEToolbar\e.dll
LSP: c:\progra~1\ONSPEED\sliplsp.dll
DPF: Microsoft XML Parser for Java -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-01-26 13:09:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c0,07,f7,3a,ce,5f,8f,2f,08,d7,4d,8a,84,f4,71,f1,17,cd,f2,a9,a6,
8c,02,f4,c7,19,11,dc,d1,b3,90,4b,0f,d5,22,b7,1b,c9,5e,f6,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{d1333ca1-4cc5-4a5e-801f-f1d3557b9226}]
@Denied: (Full) (Everyone)
"Model"=dword:00000019
"Therad"=dword:00000004
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\documents and settings\metx\c:\progra~1\MICROS~2\rapimgr.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
.
**************************************************************************
.
Completion time: 01/26/2009 13:11:12 - machine was rebooted
********-quarantined-files.txt 2009-01-26 10:11:09
Pre-Run: 39,193,657,344 bytes free
Post-Run: 39,184,773,120 bytes free
284 --- E O F --- 2008-12-13 13:29:30

I have two questions, my friend :)

Now, my machine, from the first report that you followed: what exactly did it have in terms of viruses?
And among my reports, are there any spyware files..??

Signature: أبوعوض
This is a report from the McAfee program ..

Engine Version : 5300.2777
Engine Load Time : 19141 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections

Memory : Clean
Please wait ... building list of critical files to scan
Critical : Clean
Scanning the computer's ****** directories
******s : Clean
c:\hiberfil.sys : Scan Failed
c:\pagefile.sys : Scan Failed
c:\Documents and Settings\LocalService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\LocalService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\metx\ntuser.dat : Scan Failed
c:\Documents and Settings\metx\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\metx\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\metx\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\metx\Local Settings\Temp\Perflib_Perfdata_f44.dat : Scan Failed
c:\Documents and Settings\NetworkService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\NetworkService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\WINDOWS\system32\CatRoot2\edb.log : Scan Failed
c:\WINDOWS\system32\CatRoot2\tmp.edb : Scan Failed
c:\WINDOWS\system32\config\default : Scan Failed
c:\WINDOWS\system32\config\default.LOG : Scan Failed
c:\WINDOWS\system32\config\SAM : Scan Failed
c:\WINDOWS\system32\config\SAM.LOG : Scan Failed
c:\WINDOWS\system32\config\SECURITY : Scan Failed
c:\WINDOWS\system32\config\SECURITY.LOG : Scan Failed
c:\WINDOWS\system32\config\software : Scan Failed
c:\WINDOWS\system32\config\software.LOG : Scan Failed
c:\WINDOWS\system32\config\system : Scan Failed
c:\WINDOWS\system32\config\system.LOG : Scan Failed
Scanning the registry
Registry : Clean

Summary :-
FilesFound : 64018
FilesScanned : 39711
FilesNotScanned : 24307

******sFound : 108643
******sInfected : 0
******sCleaned : 0
******sDeleted : 0

FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 13:37:07 30 محرم, 1430
Ended at : 14:01:09 30 محرم, 1430
Duration : 24 minutes 2 seconds
5551 MB scanned in 1442 seconds = 3 MB/s
Engine initialisation failed with engine error 3
 
Signature: أبوعوض
Okay, make a new HijackThis report now


Logfile of HijackThis v1.99.1
Scan saved at 04:36:07, on 27/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ONSPEED\onspeedcore.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Documents and Settings\metx\سطح المكتب\Portable TuneUp Utilities 2009 V8.0.1100-Final\TuneUpPortable\App\TuneUp\MemOptimizer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ONSPEED\onspeedgui.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\metx\سطح المكتب\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[You must log in or register to view the hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[You must log in or register to view the hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[You must log in or register to view the hidden link]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5405
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: ONSPEED Toolbar - {4E7BD74F-2B8D-469E-84BA-B830E8D4E122} - C:\PROGRA~1\ONSPEE~1\ONSPEE~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll
O2 - BHO: Prefetch - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files\ONSPEED\Prefetch.dll
O3 - Toolbar: ONSPEED Toolbar - {4E7BD74F-2B8D-469E-84BA-B830E8D4E122} - C:\PROGRA~1\ONSPEE~1\ONSPEE~1.DLL
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\ONSPEED\onspeedcore.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Documents and Settings\metx\سطح المكتب\Portable TuneUp Utilities 2009 V8.0.1100-Final\TuneUpPortable\App\TuneUp\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Thinstall Setup Capture Continue] "C:\Program Files\VMware\VMware ThinApp\Setup Capture.exe" "C:\Program Files\VMware\VMware ThinApp\{6188A4AA-955D-4736-96E7-D8F27899D1C0}.snapshot" "C:\Program Files\VMware\VMware ThinApp\{8242B39D-97D6-48ED-8727-69B86F289874}.snapshot" "C:\ HKEY_LOCAL_MACHINE HKEY_USERS"
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: ONSPEED.lnk = C:\Program Files\ONSPEED\onspeedgui.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\ONSPEED\gui_resource.dll/327
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\ONSPEED\gui_resource.dll/328
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
[You must log in or register to view the hidden link]
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avgamsvr.exe (file missing)
O23 - Service: AVG7 Kernel (Avg7Core) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avg7core.sys (file missing)
O23 - Service: AVG7 Wrap Driver (Avg7RsW) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avg7rsw.sys (file missing)
O23 - Service: AVG7 Resident Driver XP (Avg7RsXP) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avg7rsxp.sys (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avgupsvc.exe (file missing)
O23 - Service: AVG7 Clean Driver (AvgClean) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avgclean.sys (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avgemc.exe (file missing)
O23 - Service: AVG Network Redirector (AvgTdi) - Unknown owner - C:\DOCUME~1\metx\LOCALS~1\Temp\Rar$EX00.750\AVG-Anti-virus-7.5\Grisoft-AVG75\avgtdi.sys (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
 
Signature: أبوعوض