المسنجر ما يفتح يعطيني هالمسج؟؟

[الفجر]

السلام عليكم
بين فتره وفتره لازم تطلع لي هالرساله اذا اريد افتح المسنجر
ولازم اعيد التشغيل احيانا تصيب واحيانا تخيب وارجع اعيد التشغل
واحيانا الهوتميل مسنجر واحيانا الياهو

وهالمشكله تضايقني
اتمنى يكون عندكم حل



ما قدرت احمل الصوره
بس الرساله اللي تكون فيها send , dontsend

 

[السّاجد لله]

ارفعي التقرير الثاني
​

 

[الفجر]

وهذا تقرير الثاني
بعد ما حذفت اللي قالي عليهم اخوي كونومي

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:47:09, on 2/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AhnRpta.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\Documents and Settings\200003779\Desktop\HijackThis2.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - (no file)
O23 - Service: Eset Service (ekrn) - ESET - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 4755 bytes

 

[السّاجد لله]

حددي هذه القيمة واحذفيها

C:\WINDOWS\AhnRpta.exe

طريقة الحذف

(الحذف بواسطة اداة الهايجاك)​

​

​

​

​

​

​

​

​

​

​

 

[السّاجد لله]

ثم تقرير هايجاك جديد اخير واخبريني هل انتهت المشكلة ام لا
​

 

[الفجر]

هذا التقرير اخوي هشام
والحمدلله انحلت المشكله بدون تنزيل اصدار ثاني
واشكرك انت واخوي كونومي على وقفتكم وياي

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:34, on 2/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AhnRpta.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Documents and Settings\200003779\Desktop\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - (no file)
O23 - Service: Eset Service (ekrn) - ESET - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 4804 bytes

 

[KoNaMi]

احذفي التالي يالغلا

O23 - Service: Eset Service (ekrn) - ESET - (no file)

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - (no file)


مانبي منك الا الدعاء لنا في ظهر الغيب ولاننسا الغالي هشام جزاه الله كل خير

واي خدمه احنا جاهزين ان شاء الله


​

 

[السّاجد لله]

هل تعاني من مشاكل اخرى الان ؟؟
​

 

[الفجر]

مشكور اخوي كونومي جاري التطبيق
ويزاك الله خير اخوي هشام ما في اي مشكله
الله يسعدكم ويوفقكم
والسموحه

 

[السّاجد لله]

بالتوفيق
​

 

[الفجر]

رجعت نفس المشكله وعدت تشغيل الجهاز ثلاث مرات ونفس الشي

كيف احلها؟

 

[الفجر]

???

 

[فايز الصاعدي]

يا اختي ادا ما خاب ضني من الباتش اللي عندك ,,
اعتقد الباتشات اللي تفتح اكتر من ماسنجر ,, هيا تسبب المشاكل

 

[السّاجد لله]

اعملي التالي بالترتيب

اولا

نزل هذه الاداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes​

اثناء الفحص ممكن يعاد تشغيل الجهاز​

وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى الصق التقرير بردك الاول

ثانيا

حمل هذا البرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك الثاني​

​

​

​

 

[عدو أمريكا]

الأنتي فيروس عندك

أو الأنتي فيروال

ادخل على الإعدادات وعطل حماية البريد

حتى برامج الحماية تعمل عملة

​

 

[الفجر]

يا اختي ادا ما خاب ضني من الباتش اللي عندك ,,
اعتقد الباتشات اللي تفتح اكتر من ماسنجر ,, هيا تسبب المشاكل

ما اقدر احذف الباتش لاني احتاج له

 

[الفجر]

اعملي التالي بالترتيب​

اولا​

​

​

​

نزل هذه الاداة​

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

​

​

​

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes​

​

​

بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes​

اثناء الفحص ممكن يعاد تشغيل الجهاز​

​

​

​

وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه​

​

​

انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى الصق التقرير بردك الاول​

ثانيا​

حمل هذا البرنامج​

​

​

​

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

​

​

​

​

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك الثاني​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

هذا التقرير الاول

ComboFix 09-03-01.01 - 200003779 2009-03-02 11:40:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.971.1033.18.1015.728 [GMT 4:00]
Running from: d:\documents and settings\200003779\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated)
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\i6g6x.cmd
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
c:\windows\system32\ntos.exe
c:\windows\system32\olhrwef.exe
D:\Autorun.inf
D:\i6g6x.cmd
E:\Autorun.inf
E:\i6g6x.cmd
.
((((((((((((((((((((((((( Files Created from 2009-02-02 to 2009-03-02 )))))))))))))))))))))))))))))))
.
2009-02-28 00:43 . 2009-03-01 04:36 108,843 -r-hs---- C:\gi2ky.exe
2009-02-27 13:09 . 2009-02-27 13:19 <DIR> d-------- d:\documents and settings\All Users\Application Data\FarmFrenzy-PizzaParty
2009-02-27 13:07 . 2009-02-27 13:08 <DIR> d-------- c:\program files\Farm Frenzy Pizza Party
2009-02-26 15:43 . 2008-10-03 14:15 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll
2009-02-26 10:29 . 2009-02-26 19:41 103,663 -r-hs---- C:\wx8o0bt1.com
2009-02-26 01:55 . 2009-02-26 01:55 <DIR> d-------- d:\documents and settings\200003779\Application Data\Meridian93
2009-02-20 10:25 . 2009-02-21 09:29 106,970 -r-hs---- C:\w2.com
2009-02-19 21:06 . 2009-02-19 21:06 <DIR> d-------- d:\documents and settings\200003779\Application Data\Playrix Entertainment
2009-02-17 11:47 . 2009-02-17 19:30 107,564 -r-hs---- C:\hyetn1i.exe
2009-02-15 11:36 . 2009-02-16 13:23 106,803 -r-hs---- C:\qphdin.com
2009-02-12 23:51 . 2009-02-14 19:21 107,898 -r-hs---- C:\ur0.com
2009-02-10 19:02 . 2009-02-12 05:24 108,067 -r-hs---- C:\opgde.exe
2009-02-08 17:44 . 2009-02-08 17:44 <DIR> d-------- c:\program files\PowerQuest
2009-02-03 20:16 . 2009-02-03 20:16 <DIR> d-------- d:\documents and settings\200003779\Application Data\Home Sweet Home 2
2009-02-03 16:28 . 2009-02-22 18:53 <DIR> d-------- c:\program files\Build A Lot 3 Passport To Europe
2009-02-03 15:04 . 2009-02-03 15:04 <DIR> d-------- d:\documents and settings\200003779\Application Data\Pogo Games
2009-02-03 14:57 . 2009-02-03 14:57 <DIR> d-------- c:\program files\GamesBar
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-01 20:17 --------- d-----w d:\documents and settings\200003779\Application Data\GameHouse
2009-03-01 20:17 --------- d-----w c:\program files\GameHouse
2009-02-28 17:17 --------- d-----w d:\documents and settings\200003779\Application Data\Spyware Terminator
2009-02-27 23:30 --------- d-----w c:\program files\ErrorSmart
2009-02-27 11:21 --------- d-----w d:\documents and settings\200003779\Application Data\cleaner
2009-02-26 23:05 --------- d-----w d:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-26 06:29 --------- d-----w c:\program files\Spyware Terminator
2009-02-25 06:59 --------- d-----w d:\documents and settings\All Users\Application Data\Spyware Terminator
2009-02-19 09:45 --------- d-----w c:\program files\MSN Messenger
2009-02-08 13:45 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-03 13:47 109,930 --sh--r C:\a2h2.com
2009-02-03 11:43 --------- d-----w c:\program files\Oberon Media
2009-02-03 11:12 --------- d---a-w d:\documents and settings\All Users\Application Data\TEMP
2009-02-03 10:27 --------- d-----w c:\program files\Patriot Games
2009-01-31 16:31 109,127 --sh--r C:\hl80c6b1.com
2009-01-30 11:56 --------- d-----w d:\documents and settings\200003779\Application Data\U3
2009-01-29 21:32 --------- d-----w d:\documents and settings\All Users\Application Data\eGames
2009-01-29 21:32 --------- d-----w c:\program files\Common Files\SWF Studio
2009-01-29 10:13 --------- d-----w d:\documents and settings\200003779\Application Data\World-LooM
2009-01-29 09:06 --------- d-----w d:\documents and settings\All Users\Application Data\MumboJumbo
2009-01-29 09:06 --------- d-----w c:\program files\MumboJumbo
2009-01-26 21:20 --------- d-----w d:\documents and settings\200003779\Application Data\Boomzap
2009-01-26 19:39 --------- d-----w d:\documents and settings\All Users\Application Data\Sandlot Games
2009-01-23 18:32 107,882 --sh--r C:\w98.com
2009-01-21 16:07 108,869 --sh--r C:\gy.exe
2009-01-17 07:16 110,003 --sh--r C:\x2csvg.exe
2009-01-16 17:35 3,594,752 ----a-w c:\windows\system32\SET9A.tmp
2009-01-16 17:35 3,594,752 ------w c:\windows\system32\SET24.tmp
2009-01-16 17:35 3,594,752 ------w c:\windows\system32\SET14.tmp
2009-01-11 07:11 --------- d-----w c:\program files\Google
2009-01-09 14:20 --------- d-----w d:\documents and settings\All Users\Application Data\Intenium
2009-01-07 06:44 --------- d-----w c:\program files\Yahoo!
2009-01-06 13:48 --------- d-----w c:\program files\Trend Micro
2009-01-04 17:34 --------- d-----w d:\documents and settings\All Users\Application Data\Shockwave
2008-09-17 16:45 774,144 -c--a-w c:\program files\RngInterstitial.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-02-26_15.36.47.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-12 23:28:55 765,952 ----a-w c:\windows\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB938127-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB938127-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB938127-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB938127-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB938127-IE7\update\updspapi.dll
+ 2008-10-22 09:47:25 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP2QFE\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3GDR\tzchange.exe
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:51:04 284,160 ----a-w c:\windows\$hf_mig$\KB956802\SP2QFE\gdi32.dll
+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3GDR\gdi32.dll
+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-07-03 13:03:29 8,460,800 ----a-w c:\windows\$hf_mig$\KB967715\SP2QFE\shell32.dll
+ 2008-02-15 09:06:21 351,744 ----a-w c:\windows\$hf_mig$\KB967715\SP2QFE\xpsp3res.dll
+ 2008-06-17 19:02:19 8,461,312 ----a-w c:\windows\$hf_mig$\KB967715\SP3GDR\shell32.dll
+ 2008-06-17 19:04:34 8,461,824 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2008-07-09 09:08:38 382,840 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll
- 2006-06-20 08:50:27 453,248 -c--a-w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ----a-w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-13 14:54:10 765,952 -c----w c:\windows\ie7updates\KB938127-IE7\vgx.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll
+ 2007-07-12 23:31:54 765,952 -c----w c:\windows\ie7updates\KB938127-v2-IE7\vgx.dll
+ 2007-08-13 14:39:00 123,904 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll
+ 2007-08-13 14:35:46 346,624 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
+ 2007-08-13 14:35:38 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
+ 2007-08-13 14:54:10 131,584 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
+ 2007-08-13 14:36:26 61,952 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll
+ 2007-08-13 14:39:06 54,784 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
+ 2007-08-13 14:39:26 152,064 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
+ 2007-08-13 14:39:54 229,376 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
+ 2007-08-13 13:56:54 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
+ 2007-02-12 12:10:12 2,451,312 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dat
+ 2007-07-11 08:27:48 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
+ 2007-08-13 14:39:50 382,976 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
+ 2007-08-13 14:54:10 6,049,280 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
+ 2007-08-13 14:39:10 43,008 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
+ 2007-08-13 14:34:04 266,752 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
+ 2007-08-13 14:39:10 13,312 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
+ 2007-08-13 14:43:56 622,080 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
+ 2007-08-13 14:54:10 27,136 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
+ 2007-08-13 14:54:10 458,752 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
+ 2007-08-13 14:54:10 50,688 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
+ 2007-08-13 14:54:12 3,578,368 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
+ 2007-08-13 14:54:10 475,648 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
+ 2007-08-13 14:44:26 192,000 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll
+ 2007-08-13 14:54:10 670,720 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll
+ 2007-08-13 14:44:06 101,376 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll
+ 2007-08-13 14:36:12 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
+ 2007-08-13 14:44:30 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll
+ 2007-08-13 14:54:10 1,162,240 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
+ 2007-08-13 14:54:10 231,424 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
+ 2007-08-13 14:54:10 818,688 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll
- 2008-12-08 13:36:34 1,165,584 -c--a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-02-26 23:05:32 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-12-08 13:36:35 20,240 -c--a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-02-26 23:05:33 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-12-08 13:36:34 159,504 -c--a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-02-26 23:05:33 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-12-08 13:36:34 184,080 -c--a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-02-26 23:05:33 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-12-08 13:36:34 217,864 -c--a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-02-26 23:05:33 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-12-08 13:36:35 18,704 -c--a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-26 23:05:33 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-12-08 13:36:35 35,088 -c--a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-02-26 23:05:33 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-12-08 13:36:34 845,584 -c--a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-02-26 23:05:33 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-12-08 13:36:34 922,384 -c--a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-02-26 23:05:33 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-12-08 13:36:35 272,648 -c--a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-02-26 23:05:33 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-12-08 13:36:35 888,080 -c--a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-26 23:05:33 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-12-08 13:36:34 1,172,240 -c--a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-26 23:05:32 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-09-10 23:03:11 12,288 -c--a-r c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-02-26 11:41:52 12,288 ----a-r c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-09-10 23:03:11 282,624 -c--a-r c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\fpicon.exe
+ 2009-02-26 11:41:52 282,624 ----a-r c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\fpicon.exe
- 2008-09-10 23:03:11 135,168 -c--a-r c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-02-26 11:41:52 135,168 ----a-r c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-09-10 23:03:11 27,136 -c--a-r c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-02-26 11:41:52 27,136 ----a-r c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-09-10 23:03:11 4,096 -c--a-r c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-02-26 11:41:52 4,096 ----a-r c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-08-13 14:39:00 123,904 -c--a-w c:\windows\system32\advpack.dll
+ 2008-12-20 23:15:11 124,928 ----a-w c:\windows\system32\advpack.dll
- 2007-08-13 14:39:00 123,904 -c--a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-12-20 23:15:11 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
- 2007-08-13 14:35:46 346,624 -c----w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
- 2007-08-13 14:35:38 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
- 2007-08-13 14:54:10 131,584 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-12-20 23:15:13 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-23 13:01:36 283,648 -c----w c:\windows\system32\dllcache\gdi32.dll
+ 2008-12-20 23:15:13 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2007-08-13 14:39:06 54,784 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-12-19 09:10:15 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-13 14:39:26 152,064 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
- 2007-08-13 14:39:54 229,376 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
- 2007-08-13 13:56:54 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-12-19 05:23:56 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 -c----w c:\windows\system32\dllcache\ieapfltr.dat
+ 2008-12-20 23:15:15 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2007-08-13 14:39:50 382,976 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-12-20 23:15:21 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2007-08-13 14:39:10 43,008 -c--a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-12-20 23:15:21 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-12-20 23:15:22 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2007-08-13 14:43:56 622,080 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2008-12-19 05:25:25 634,024 -c----w c:\windows\system32\dllcache\iexplore.exe
- 2007-08-13 14:54:10 27,136 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-06-10 01:52:04 96,768 -c----w c:\windows\system32\dllcache\logagent.exe
+ 2008-10-24 11:10:42 453,632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-12-20 23:15:23 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-12-20 23:15:24 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-08-13 14:54:12 3,578,368 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-16 17:35:14 3,594,752 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2007-08-13 14:54:10 475,648 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
- 2007-08-13 14:44:26 192,000 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-12-20 23:15:31 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2007-08-13 14:54:10 670,720 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-12-20 23:15:32 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-09-04 16:42:02 1,106,944 -c----w c:\windows\system32\dllcache\msxml3.dll
- 2007-08-13 14:44:06 101,376 -c----w c:\windows\system32\dllcache\occache.dll
+ 2008-12-20 23:15:38 102,912 -c----w c:\windows\system32\dllcache\occache.dll
- 2007-08-13 14:36:12 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-07-03 13:16:57 8,454,656 -c----w c:\windows\system32\dllcache\shell32.dll
- 2008-08-28 10:04:17 333,056 -c--a-w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 11:57:21 333,184 -c--a-w c:\windows\system32\dllcache\srv.sys
- 2007-08-13 14:44:30 105,984 -c----w c:\windows\system32\dllcache\url.dll
+ 2008-12-20 23:15:39 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2007-08-13 14:54:10 1,162,240 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
- 2007-08-13 14:54:10 765,952 -c--a-w c:\windows\system32\dllcache\vgx.dll
+ 2008-05-27 17:23:58 765,952 -c--a-w c:\windows\system32\dllcache\vgx.dll
- 2007-08-13 14:54:10 231,424 -c----w c:\windows\system32\dllcache\webcheck.dll
+ 2008-12-20 23:15:40 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
- 2007-08-13 14:54:10 818,688 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-12-20 23:15:41 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-06-10 02:28:36 1,028,096 -c----w c:\windows\system32\dllcache\WMNetmgr.dll
+ 2008-06-10 03:07:24 2,376,760 -c----w c:\windows\system32\dllcache\WMVCore.dll
- 2006-06-20 08:50:27 453,248 -c--a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
- 2008-08-28 10:04:17 333,056 -c--a-w c:\windows\system32\drivers\srv.sys
+ 2008-12-11 11:57:21 333,184 ----a-w c:\windows\system32\drivers\srv.sys
- 2007-08-13 14:35:46 346,624 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 ------w c:\windows\system32\dxtmsft.dll
- 2007-08-13 14:35:38 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 ------w c:\windows\system32\dxtrans.dll
- 2007-08-13 14:54:10 131,584 -c--a-w c:\windows\system32\extmgr.dll
+ 2008-12-20 23:15:13 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2007-08-13 14:39:06 54,784 -c--a-w c:\windows\system32\ie4uinit.exe
+ 2008-12-19 09:10:15 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2007-08-13 14:39:26 152,064 -c--a-w c:\windows\system32\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2007-08-13 14:39:54 229,376 -c--a-w c:\windows\system32\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2007-08-13 13:56:54 161,792 -c--a-w c:\windows\system32\ieakui.dll
+ 2008-12-19 05:23:56 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2007-08-13 14:39:50 382,976 -c--a-w c:\windows\system32\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2007-08-13 14:39:10 43,008 -c--a-w c:\windows\system32\iernonce.dll
+ 2008-12-20 23:15:21 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2007-08-13 14:39:10 13,312 -c--a-w c:\windows\system32\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2007-08-13 14:54:10 27,136 -c--a-w c:\windows\system32\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2005-01-28 09:44:28 96,768 -c--a-w c:\windows\system32\logagent.exe
+ 2008-06-10 01:52:04 96,768 ----a-w c:\windows\system32\logagent.exe
- 2007-08-13 14:44:26 192,000 -c--a-w c:\windows\system32\msrating.dll
+ 2008-12-20 23:15:31 193,024 ----a-w c:\windows\system32\msrating.dll
- 2007-08-13 14:54:10 670,720 -c--a-w c:\windows\system32\mstime.dll
+ 2008-12-20 23:15:32 671,232 ----a-w c:\windows\system32\mstime.dll
- 2007-05-15 11:43:10 1,320,800 -c--a-w c:\windows\system32\msxml6.dll
+ 2008-08-29 16:06:44 1,350,664 ----a-w c:\windows\system32\msxml6.dll
- 2007-08-13 14:44:06 101,376 ----a-w c:\windows\system32\occache.dll
+ 2008-12-20 23:15:38 102,912 ----a-w c:\windows\system32\occache.dll
- 2007-11-30 11:18:51 17,272 -c----w c:\windows\system32\spmsg.dll
+ 2007-07-27 05:41:40 16,760 ------w c:\windows\system32\spmsg.dll
- 2006-08-21 05:52:08 246,814 -c--a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:15:47 247,326 ----a-w c:\windows\system32\strmdll.dll
- 2008-07-14 11:09:18 62,976 -c----w c:\windows\system32\tzchange.exe
+ 2008-10-22 09:47:07 62,976 ------w c:\windows\system32\tzchange.exe
- 2005-01-28 09:44:28 1,027,072 -c--a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-10 02:28:36 1,028,096 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-12-07 05:29:34 2,374,472 -c--a-w c:\windows\system32\wmvcore.dll
+ 2008-06-10 03:07:24 2,376,760 ------w c:\windows\system32\WMVCore.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2009-02-19 5674352]
"cdoosoft"="c:\windows\system32\olhrwef.exe" [BU]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-06-26 151597]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-01-01 2957824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-06-26 98304]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{BB4C402F-882A-4526-8C08-51278EA437C1}"= "c:\windows\system32\afmain1.dll" [2007-06-13 78848]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2052111302-682003330-4342\Scripts\Logon\0\0]
"Script"=admin.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2052111302-682003330-4350\Scripts\Logon\0\0]
"Script"=admin.vbs
[HKLM\~\startupfolder\D:^Documents and Settings^200003779^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=d:\documents and settings\200003779\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnkStartup
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
c:\windows\system32\WLTRAY [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2007-05-11 03:06 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a--c--- 2006-11-16 19:04 139264 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 04:56 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2004-08-13 01:05 122939 c:\windows\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSmart]
--a--c--- 2008-09-17 22:11 18244856 c:\program files\ErrorSmart\ErrorSmart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a--c--- 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a--c--- 2004-10-08 15:27 126976 c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a--c--- 2004-10-08 15:31 155648 c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2008-11-05 21:59 4347120 c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
-----c--- 2004-10-13 20:24 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2009-02-19 13:45 5674352 c:\program files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2005-06-26 16:44 98304 c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2009-01-01 13:08 2957824 c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-11-10 13:03 36975 c:\program files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-06-26 16:17 151597 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a--c--- 2004-01-07 01:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2008-11-05 21:59 4347120 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a--c--- 2004-08-04 04:56 110592 c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVP"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCPoVoo TCP المنفذ 443
"443:UDP"= 443:UDPoVoo UDP المنفذ 443
"37674:TCP"= 37674:TCPoVoo TCP المنفذ 37674
"37674:UDP"= 37674:UDPoVoo UDP المنفذ 37674
"37675:UDP"= 37675:UDPoVoo UDP المنفذ 37675
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-11-08 30728]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-01-01 138752]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-05-03 80384]
S2 ekrn;Eset Service; [x]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{278607ae-61df-11dc-bab0-0010c6ec90ea}]
\Shell\AutoRun\command - G:\cv22.cmd
\Shell\open\Command - G:\cv22.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{761faf61-9a1d-11dd-b800-0010c6ec90ea}]
\Shell\AutoRun\command - G:\lsass.exe
\Shell\open\Command - G:\lsass.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76ee2e3b-a116-11dd-b815-0010c6ec90ea}]
\Shell\AutoRun\command - G:\2fiji.com
\Shell\explore\Command - G:\2fiji.com
\Shell\open\Command - G:\2fiji.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76ee2e3c-a116-11dd-b815-0010c6ec90ea}]
\Shell\AutoRun\command - G:\SCVHSOT.exe
\Shell\Open\command - G:\SCVHSOT.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9641fb0e-746c-11dc-bae8-0010c6ec90ea}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9641fb0f-746c-11dc-bae8-0010c6ec90ea}]
\Shell\AutoRun\command - H:\8.bat
\Shell\open\Command - H:\8.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad82d203-6611-11dc-bac2-0014a5549780}]
\Shell\AutoRun\command - G:\pook.com
\Shell\open\Command - G:\pook.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da9a609f-7f38-11dc-bafd-0014a5549780}]
\Shell\AutoRun\command - G:\fooool.exe
\Shell\explore\Command - G:\fooool.exe
\Shell\open\Command - G:\fooool.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef1b93c1-e4d1-11d9-a546-806d6172696f}]
\Shell\AutoRun\command - f:\autorun\MediaMenu.exe
\Shell\Explore\command - explorer.exe \
.
*******s of the 'Scheduled Tasks' folder
2009-02-27 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
- c:\program files\ErrorSmart\ErrorSmart.exe [2008-09-17 22:11]
2009-02-27 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
- c:\program files\ErrorSmart [2009-02-28 03:30]
2009-02-27 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
- c:\program files\RegistrySmart\RegistrySmart.exe []
2009-02-27 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
- c:\program files\RegistrySmart []
.
.
------- Supplementary Scan -------
.
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: Microsoft XML Parser for Java -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

FF - ProfilePath - d:\documents and settings\200003779\Application Data\Mozilla\Firefox\Profiles\tshfm4bg.default\
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-03-02 11:42:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(944)
c:\windows\system32\klogon.dll
.
Completion time: 2009-03-02 11:44:21
ComboFix-quarantined-files.txt 2009-03-02 07:44:03
ComboFix2.txt 2009-02-26 11:39:12
Pre-Run: 5,628,534,784 bytes free
Post-Run: 5,611,610,112 bytes free
475 --- E O F --- 2009-03-02 05:55:53

 

[الفجر]

هذا التقرير الثاني

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:14, on 3/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\AhnRpta.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Documents and Settings\200003779\Desktop\Zyzoom_HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - (no file)
O23 - Service: Eset Service (ekrn) - ESET - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 4831 bytes

 

[الفجر]

الأنتي فيروس عندك ​

أو الأنتي فيروال ​

ادخل على الإعدادات وعطل حماية البريد​

حتى برامج الحماية تعمل عملة ​

​

ما اعرف كيف اعطله

 

[الفجر]

upppp