(( كيف تعرف ان جهازك مخترق بالطريقة الصحيحة ))

  • بادئ الموضوع بادئ الموضوع fahd
  • تاريخ البدء تاريخ البدء
الحالة
مغلق و غير مفتوح للمزيد من الردود.

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

هلا فيك أختي
اكتبي موضوع جديد بالقسم المختص وهو :

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



وحطي معه تقرير هايجاك
وكل أدوات وطرق فحص الجهاز موجودة في

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

في الموضوع المثبت على الرابط التالي :

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


 

توقيع : fahd
مشكور اخوي fhad
جزاك الله الف خير
حجرب الطريقة وان شاءالله اقدر انزل موضوع
 
مشكور على طرح الموضوع
 
السلام عليكم

هيجاك/

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:13:35 م, on 07/04/11
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Quick net\ModemListener.exe
C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ONSPEED\onspeedcore.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ONSPEED\onspeedgui.exe
C:\Users\un\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\un\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\un\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\un\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5405
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll
O2 - BHO: Prefetch - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files\ONSPEED\Prefetch.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [ModemListener] "C:\Program Files\Quick net\ModemListener.exe" start
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [QuickSet] "C:\Program Files\Dell\QuickSet\QuickSet.exe"
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\ONSPEED\onspeedcore.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BDRegion] "C:\Program Files\Cyberlink\Shared files\brs.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Google Update] "C:\Users\un\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: ONSPEED.lnk = C:\Program Files\ONSPEED\onspeedgui.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\ONSPEED\gui_resource.dll/327
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\ONSPEED\gui_resource.dll/328
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: جاري إرسال الصفحة إلى &جهاز Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: جاري إرسال الصورة إلى &جهاز Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: فحص عناوين المواقع (URL) - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2010\klwtbbho.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\STCKAS~1\mzvkbd3.dll
O23 - Service: STC Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: DeviceManager - Unknown owner - C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 8259 bytes


البرامج المثبته/



====== معلومات نظام التشغيل ======

X86 WIN_7 7600


====== قائمة البرامج المثبتة ======

µTorrent
ACDSee Pro 2.5
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Reader X - Arabic
Advanced Audio FX Engine
Bing Bar
Bing Bar Platform
CyberLink PowerDVD 10
CyberLink PowerDVD 10
Dell Webcam Central
FormatFactory 2.60
GOM Player
Intel(R) Graphics Media *********** Driver
Internet Download Manager
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 24
Java(TM) 6 Update 3
K-Lite Codec Pack 4.1.7 (Full)
Live! Cam Avatar Creator
MakeUp Pilot 3.01
Messenger Plus Saudi Toolbar
Messenger Plus! 5
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Outlook Connector
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSXML 4.0 SP2 and SOAP Toolkit 3.0
ObjectDock Plus
ONSPEED
Paint.NET v3.36
Paltalk Messenger
PhotoInstrument 2.0
PhotoScape
Quick net
QuickSet32
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Burn
Roxio Burn
Spy Sweeper Core
STC ® Kaspersky ® Internet Security 2010
STC ® Kaspersky ® Internet Security 2010
The KMPlayer (remove only)
Windows 7 Codec Pack 2.8.0
Windows Internet Explorer Platform Preview
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Media Player Firefox Plugin
WinRAR 4.00 (32-bit)
أداة التحميل Windows Live Upload Tool
برنامج WIDCOMM Bluetooth
مساعد تسجيل الدخول إلى Windows Live

ستارت اب/
"Silent Runners.vbs", revision 61,

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


Operating System: Windows 7
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"IDMan" = "C:\Program Files\Internet Download Manager\IDMan.exe /onboot" ["Tonec Inc."]
"Google Update" = ""C:\Users\un\AppData\Local\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."]
"uTorrent" = ""C:\Program Files\uTorrent\uTorrent.exe"" ["BitTorrent, Inc."]
"Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ModemListener" = ""C:\Program Files\Quick net\ModemListener.exe" start" [null data]
"avp" = ""C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2010\avp.exe"" ["Kaspersky Lab"]
"QuickSet" = ""C:\Program Files\Dell\QuickSet\QuickSet.exe"" ["Dell Inc."]
"SlipStream" = ""C:\Program Files\ONSPEED\onspeedcore.exe"" ["SlipStream Data Inc."]
"SunJavaUpdateSched" = ""C:\Program Files\Common Files\Java\Java Update\jusched.exe"" ["Sun Microsystems, Inc."]
"BDRegion" = ""C:\Program Files\Cyberlink\Shared files\brs.exe"" ["cyberlink"]
"IgfxTray" = ""C:\Windows\system32\igfxtray.exe"" ["Intel Corporation"]
"HotKeysCmds" = ""C:\Windows\system32\hkcmd.exe"" ["Intel Corporation"]
"Persistence" = ""C:\Windows\system32\igfxpers.exe"" ["Intel Corporation"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{0055C089-8582-441B-A0BF-17B458C2A3A8}\(Default) = "IDM Helper"
-> {HKLM...CLSID} = "IDMIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMIECC.dll" ["Internet Download Manager, Tonec Inc."]

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
-> {HKLM...CLSID} = "Adobe PDF Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]

{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\(Default) = "IEVkbdBHO"
-> {HKLM...CLSID} = "IEVkbdBHO Class"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2010\ievkbd.dll" ["Kaspersky Lab"]

{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\(Default) = "Search Helper"
-> {HKLM...CLSID} = "Search Helper"
\InProcServer32\(Default) = "C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll" [MS]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "مساعد تسجيل الدخول إلى Windows Live"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

{9AA2F14F-E956-44B8-8694-A5B615CDF341}\(Default) = (no title provided)
-> {HKLM...CLSID} = "NOW!Imaging"
\InProcServer32\(Default) = "C:\Program Files\ONSPEED\components\NOWImaging.dll" ["SlipStream Data Inc."]

{A66AA08A-9BF0-4e87-99E6-6972731D6B99}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Prefetch"
\InProcServer32\(Default) = "C:\Program Files\ONSPEED\Prefetch.dll" ["SlipStream Data Inc."]

{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Bing Bar BHO"
\InProcServer32\(Default) = "C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll" [MS]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

{E33CF602-D945-461A-83F0-819F76A199F8}\(Default) = "link filter bho"
-> {HKLM...CLSID} = "FilterBHO Class"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2010\klwtbbho.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

BackupIconOverlayId\(Default) = "{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
-> {HKLM...CLSID} = "BackupIconOverlayId Class"
\InProcServer32\(Default) = "C:\Program Files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll" ["SOS Online Backup"]

IDM Shell Extension\(Default) = "{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
-> {HKLM...CLSID} = "IDM Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMShellExt.dll" ["Tonec Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

"{7842554E-6BED-11D2-8CDB-B05550C10000}" = "Monitor"
-> {HKLM...CLSID} = "Monitor Class"
\InProcServer32\(Default) = "C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll" ["Broadcom Corporation."]

"{1F77B17B-F531-44DB-ACA4-76ABB5010A28}" = "AIMP2: ShellExt"
-> {HKLM...CLSID} = "AIMP2: ShellExt"
\InProcServer32\(Default) = "C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL" ["AIMP DevTeam"]

"{CDC95B92-E27C-4745-A8C5-64A52A78855D}" = "IDM Shell Extension"
-> {HKLM...CLSID} = "IDM Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMShellExt.dll" ["Tonec Inc."]

"{0561EC90-CE54-4f0c-9C55-E226110A740C}" = "Haali Column Provider"
-> {HKLM...CLSID} = "Haali Column Provider"
\InProcServer32\(Default) = "C:\Windows\system32\mmfinfo.dll" [null data]

"{5574006C-28F5-4a65-A28C-74DE6BFBE0BB}" = "Haali Matroska Shell Property Page"
-> {HKLM...CLSID} = "Haali Matroska Shell Property Page"
\InProcServer32\(Default) = "C:\Windows\system32\mmfinfo.dll" [null data]

"{327669A0-59A7-4be9-B99E-1C9F3A57611A}" = "Haali Matroska Thumbnail Extractor"
-> {HKLM...CLSID} = "Haali Matroska Thumbnail Extractor"
\InProcServer32\(Default) = "C:\Windows\system32\mmfinfo.dll" [null data]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "c:\program files\real\realplayer\rpshell.dll" ["RealNetworks, Inc."]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "C:\PROGRA~1\KASPER~1\STCKAS~1\mzvkbd3.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}\(Default) = "BtwCredentialProvider"
-> {HKLM...CLSID} = "BtwCredentialProvider"
\InProcServer32\(Default) = "C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll" ["Broadcom Corporation."]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> livecall\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL" [MS]

<<!>> msnim\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

AIMPClassic\(Default) = "{1F77B17B-F531-44DB-ACA4-76ABB5010A28}"
-> {HKLM...CLSID} = "AIMP2: ShellExt"
\InProcServer32\(Default) = "C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL" ["AIMP DevTeam"]

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2010\shellex.dll" ["Kaspersky Lab"]

OnlineProtectMenu\(Default) = "{48865F7A-E34C-483f-AA6F-4AA38E2C3FC4}"
-> {HKLM...CLSID} = "OnlineProtectMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll" ["SOS Online Backup"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

AIMPClassic\(Default) = "{1F77B17B-F531-44DB-ACA4-76ABB5010A28}"
-> {HKLM...CLSID} = "AIMP2: ShellExt"
\InProcServer32\(Default) = "C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL" ["AIMP DevTeam"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

Monitor\(Default) = "{7842554E-6BED-11D2-8CDB-B05550C10000}"
-> {HKLM...CLSID} = "Monitor Class"
\InProcServer32\(Default) = "C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll" ["Broadcom Corporation."]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

igfxcui\(Default) = "{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}"
-> {HKLM...CLSID} = "GraphicsShellExt Class"
\InProcServer32\(Default) = "C:\Windows\system32\igfxpph.dll" ["Intel Corporation"]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{0561EC90-CE54-4f0c-9C55-E226110A740C}\(Default) = "Haali Column Provider"
-> {HKLM...CLSID} = "Haali Column Provider"
\InProcServer32\(Default) = "C:\Windows\system32\mmfinfo.dll" [null data]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2010\shellex.dll" ["Kaspersky Lab"]

OnlineProtectMenu\(Default) = "{48865F7A-E34C-483f-AA6F-4AA38E2C3FC4}"
-> {HKLM...CLSID} = "OnlineProtectMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll" ["SOS Online Backup"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\un\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

ACDSeePro25ImportPicturesOnArrival\
"Provider" = "ACDSee Pro 2.5"
"InvokeProgID" = "ACDSee Pro 2.5.AutoPlayHandlerImport"
"InvokeVerb" = "Import"
HKLM\SOFTWARE\Classes\ACDSee Pro 2.5.AutoPlayHandlerImport\shell\Import\command\(Default) = ""C:\Program Files\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" /detect:%1" ["ACD Systems"]

ACDSeePro25ImportVideoFilesOnArrival\
"Provider" = "ACDSee Pro 2.5"
"InvokeProgID" = "ACDSee Pro 2.5.AutoPlayHandlerImport"
"InvokeVerb" = "Import"
HKLM\SOFTWARE\Classes\ACDSee Pro 2.5.AutoPlayHandlerImport\shell\Import\command\(Default) = ""C:\Program Files\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" /detect:%1" ["ACD Systems"]

ACDSeePro25PlayVideoFilesOnArrival\
"Provider" = "ACDSee Pro 2.5"
"InvokeProgID" = "ACDSee Pro 2.5.AutoPlayHandler"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\ACDSee Pro 2.5.AutoPlayHandler\shell\Open\command\(Default) = ""C:\Program Files\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1"" ["ACD Systems"]

ACDSeePro25ShowPicturesOnArrival\
"Provider" = "ACDSee Pro 2.5"
"InvokeProgID" = "ACDSee Pro 2.5.AutoPlayHandler"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\ACDSee Pro 2.5.AutoPlayHandler\shell\Open\command\(Default) = ""C:\Program Files\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1"" ["ACD Systems"]

BasicBurnAdd\
"Provider" = "Roxio Burn"
"InvokeProgID" = "BasicBurn.PLAYADD"
"InvokeVerb" = "Add"
HKLM\SOFTWARE\Classes\BasicBurn.PLAYADD\shell\Add\Command\(Default) = ""C:\Program Files\Roxio\Roxio Burn\Roxio Burn.exe" /BURN %L" [null data]

BasicBurnCopy\
"Provider" = "Roxio Burn"
"InvokeProgID" = "BasicBurn.PLAYCOPY"
"InvokeVerb" = "Copy"
HKLM\SOFTWARE\Classes\BasicBurn.PLAYCOPY\shell\Copy\Command\(Default) = ""C:\Program Files\Roxio\Roxio Burn\Roxio Burn.exe" /Copy %L" [null data]

GOMPlayDVDOnArrival\
"Provider" = "GOM Player"
"InvokeProgID" = "GomPlayer.DVD"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\GomPlayer.DVD\shell\open\command\(Default) = ""C:\Program Files\GRETECH\GomPlayer\GOM.exe" /open "%1"" ["Gretech Corp."]

GOMPlayMediaOnArrival\
"Provider" = "GOM Player"
"InvokeProgID" = "GomPlayer.MediaFile"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\GomPlayer.MediaFile\shell\open\command\(Default) = ""C:\Program Files\GRETECH\GomPlayer\GOM.exe" /open "%1"" ["Gretech Corp."]
HKLM\SOFTWARE\Classes\GomPlayer.MediaFile\shell\open\DropTarget\CLSID = "{D0F0AD6B-ECCC-401E-8E71-C4363D41399C}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = ""C:\PROGRA~1\GRETECH\GOMPLA~1\GOM.exe"" ["Gretech Corp."]

PDVD10PlayBluRayOnArrival\
"Provider" = "PowerDVD 10"
"InvokeProgID" = "BluRay"
"InvokeVerb" = "PlayWithPowerDVD10"
HKLM\SOFTWARE\Classes\BluRay\shell\PlayWithPowerDVD10\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe" "%L"" ["CyberLink Corp."]

PDVD10PlayCDAudioOnArrival\
"Provider" = "PowerDVD 10"
"InvokeProgID" = "AudioCD"
"InvokeVerb" = "PlayWithPowerDVD10"
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD10\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe" "%L"" ["CyberLink Corp."]

PDVD10PlayDVDMovieOnArrival\
"Provider" = "PowerDVD 10"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithPowerDVD10"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD10\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe" "%L"" ["CyberLink Corp."]

PDVD10PlayEnhancedDVDOnArrival\
"Provider" = "PowerDVD 10"
"InvokeProgID" = "EnDVD"
"InvokeVerb" = "PlayWithPowerDVD10"
HKLM\SOFTWARE\Classes\EnDVD\shell\PlayWithPowerDVD10\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe" "%L"" ["CyberLink Corp."]

PDVD10PlaySVCDOnArrival\
"Provider" = "PowerDVD 10"
"InvokeProgID" = "SVCD"
"InvokeVerb" = "PlayWithPowerDVD10"
HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithPowerDVD10\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe" "%L"" ["CyberLink Corp."]

PDVD10PlayVCDMovieOnArrival\
"Provider" = "PowerDVD 10"
"InvokeProgID" = "VCD"
"InvokeVerb" = "PlayWithPowerDVD10"
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD10\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe" "%L"" ["CyberLink Corp."]

RPCDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.CDBurn.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""c:\program files\real\realplayer\\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]

RPDeviceOnArrival\
"Provider" = "RealPlayer"
"ProgID" = "RealPlayer.HWEventHandler"
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"
-> {HKLM...CLSID} = "RealNetworks Scheduler"
\LocalServer32\(Default) = ""c:\program files\real\realplayer\Update\realsched.exe" -autoplay" ["RealNetworks, Inc."]

RPDVDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVDBurn.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.DVDBurn.6\shell\open\command\(Default) = ""c:\program files\real\realplayer\\RealPlay.exe" /burndvd "%1"" ["RealNetworks, Inc."]

RPPlayCDAudioOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AudioCD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""c:\program files\real\realplayer\\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]

RPPlayDVDMovieOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""c:\program files\real\realplayer\\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]

RPPlayMediaOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AutoPlay.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""c:\program files\real\realplayer\\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]

WIA_{4B5D169E-E1E2-48C4-9ED7-21C9761595B3}\
"Provider" = "ACDSee Pro 2.5"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;start ACDSeeQVPro25.exe /StiDevice:%1 /StiEvent:%2;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]


Startup items in "un" & "All Users" startup folders:
----------------------------------------------------

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Bluetooth" -> shortcut to: "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" ["Broadcom Corporation."]
"ONSPEED" -> shortcut to: "C:\Program Files\ONSPEED\onspeedgui.exe" ["SlipStream Data Inc."]


Windows Sidebar Gadgets:
------------------------

C:\Users\un\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
"C:%5CUsers%5Cun%5CAppData%5CLocal%5CMicrosoft%5CWindows%20Sidebar%5CGadgets%5CRadio00MBCFM0online0.gadget"


Non-disabled Scheduled Tasks:
-----------------------------

C:\Windows\System32\Tasks
"GoogleUpdateTaskUserS-1-5-21-2856774241-2753114494-3394699565-1000Core" -> launches: "C:\Users\un\AppData\Local\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskUserS-1-5-21-2856774241-2753114494-3394699565-1000UA" -> launches: "C:\Users\un\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]
"RealUpgradeLogonTaskS-1-5-21-2856774241-2753114494-3394699565-1000" -> launches: "C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /logoncheck" ["RealNetworks, Inc."]
"RealUpgradeScheduledTaskS-1-5-21-2856774241-2753114494-3394699565-1000" -> launches: "C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck" ["RealNetworks, Inc."]
"SidebarExecute" -> launches: "C:\Program Files\Windows Sidebar\sidebar.exe /addGadget" [MS]
"User_Feed_Synchronization-{E4960045-0C7B-4938-A9F0-C23B06346E66}" -> (HIDDEN!) launches: "C:\Windows\system32\msfeedssync.exe sync" [MS]
"wrSpySweeper_L805B45C12FC74A3B9709AF27F374A5B3" -> launches: "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe /ScheduleCleanup=wrSpySweeper_L805B45C12FC74A3B9709AF27F374A5B3" ["Webroot Software, Inc."]
"wrSpySweeper_LF7281B1070FE49B1AD1D129ECE02B43B" -> launches: "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe /ScheduleSweep=wrSpySweeper_LF7281B1070FE49B1AD1D129ECE02B43B" ["Webroot Software, Inc."]
"{0C3B4F0B-86FD-4284-8412-846581A469EF}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\Stardock\OBJECT~1\objectdock.exe -c /uninstall" [MS]
"{27B53E7E-EF75-4373-9BAA-01921D6B36B3}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\Users\un\Desktop\coreaacSetup.exe -d C:\Users\un\Desktop" [MS]
"{4185E4B4-5992-4A74-9320-2B4247E7D6C9}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Users\un\Desktop\طھط¹ط±ظٹظپ ظƒط±طھ ط§ظ„ط´ط§ط´ط©.exe" -d C:\Users\un\Desktop" [MS]
"{9064BDF3-7319-4DC1-B06F-600F7827702D}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\Users\un\Desktop\jre-6u23-windows-i586-iftw.exe -d C:\Users\un\Desktop" [MS]
"{B5FAB6B5-0D8A-457F-A319-12287764CD92}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall ENTERPRISE /dll OSETUP.DLL" [MS]
"{BAA327A2-B888-45D2-A3BE-32C7E4AF307F}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\MESSEN~3\UNWISE.EXE -c /U C:\PROGRA~1\MESSEN~3\INSTALL.LOG" [MS]
"{C6B57B8B-5B62-4CD7-A843-ADF8FF774B02}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\Users\un\Desktop\JavaSetup6u24.exe -d C:\Users\un\Desktop" [MS]
"{CBC508D6-7A31-471B-8C30-9B4391A5451A}" -> launches: "C:\Windows\system32\pcalua.exe -a F:\SETUP.EXE -d F:\" [MS]
"{D6A9D196-FCFD-4297-A7EF-7EE456D3E90F}" -> launches: "C:\Windows\system32\pcalua.exe -a "G:\masss\alien shooter.exe" -d G:\masss" [MS]
"{DEBCD476-F18D-475E-8224-B038EB1B9AF0}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Users\un\Desktop\Realtek High Definition Audio Driver R2.34.For.Xp\Realtek High Definition Audio Driver R2.34.For.Xp\WDM_R234.exe" -d "C:\Users\un\Desktop\Realtek High Definition Audio Driver R2.34.For.Xp\Realtek High Definition Audio Driver R2.34.For.Xp"" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
"AD RMS Rights Policy Template Management (Manual)" -> launches: "{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}"
-> {HKLM...CLSID} = "AD RMS Rights Policy Template Management (Manual) Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\msdrm.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
"AitAgent" -> launches: "aitagent" [MS]
"ProgramDataUpdater" -> launches: "%windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
"Proxy" -> launches: "%windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
"UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
"SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
"UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
"Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]
"KernelCeipTask" -> (HIDDEN!) launches: "{e7ed314f-2816-4c26-aeb5-54a34d02404c}"
-> {HKLM...CLSID} = "KernelCeipCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\kernelceip.dll" [MS]
"UsbCeip" -> (HIDDEN!) launches: "{c27f6b1d-fe0b-45e4-9257-38799fa69bc8}"
-> {HKLM...CLSID} = "UsbCeip"
\InProcServer32\(Default) = "C:\Windows\System32\usbceip.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
"ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
"Scheduled" -> (HIDDEN!) launches: "{c1f85ef8-bcc2-4606-bb39-70c523715eb3}"
-> {HKLM...CLSID} = "ScheduledDiagnosticCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\sdiagschd.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
"Notifications" -> launches: "%windir%\System32\LocationNotifications.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
"WinSAT" -> launches: "{A9A33436-678B-4C9C-A211-7CC38785E79D}"
-> {HKLM...CLSID} = "WinSAT Task Manger Task"
\InProcServer32\(Default) = "C:\Windows\system32\WinSATAPI.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
"ActivateWindowsSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch" [MS]
"ConfigureInternetTimeService" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService" [MS]
"DispatchRecoveryTasks" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)" [MS]
"ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS]
"InstallPlayReady" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)" [MS]
"mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0)" [MS]
"MediaCenterRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask" [MS]
"ObjectStoreRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask" [MS]
"OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS]
"OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)" [MS]
"PBDADiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery" [MS]
"PBDADiscoveryW1" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery" [MS]
"PBDADiscoveryW2" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery" [MS]
"PvrRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask" [MS]
"PvrScheduleTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrSchedule" [MS]
"RegisterSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)" [MS]
"ReindexSearchRoot" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot" [MS]
"SqlLiteRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask" [MS]
"UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
"CorruptionDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"
-> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]
"DecompressionFailureDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"
-> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
"HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"
-> {HKLM...CLSID} = "HotStart User Agent"
\InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
"LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
"SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"
-> {HKLM...CLSID} = "Microsoft PlaySoundService Class"
\InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
"GatherNetworkInfo" -> launches: "%windir%\system32\gatherNetworkInfo.vbs" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
"AnalyzeSystem" -> launches: "%SystemRoot%\System32\powercfg.exe -energy -auto" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
"RacTask" -> (HIDDEN!) launches: "{42060D27-CA53-41f5-96E4-B1E8169308A6}"
-> {HKLM...CLSID} = "ReliabilityAnalysisCustomHandler"
\InProcServer32\(Default) = "C:\Windows\system32\RacEngn.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
"MobilityManager" -> launches: "{c463a0fc-794f-4fdf-9201-01938ceacafa}"
-> {HKLM...CLSID} = "RasMobilityManager"
\InProcServer32\(Default) = "C:\Windows\system32\rasmbmgr.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
"RegIdleBackup" -> (HIDDEN!) launches: "{ca767aa8-9157-4604-b64b-40747123d5f2}"
-> {HKLM...CLSID} = "RegistryIdleBackupHandler"
\InProcServer32\(Default) = "C:\Windows\System32\regidle.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
"RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
"GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}"
-> {HKLM...CLSID} = "GadgetsManager Class"
\InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
"Interactive" -> (HIDDEN!) launches: "{855fec53-d2e4-4999-9e87-3414e9cf0ff4}"
-> {HKLM...CLSID} = "RunTask"
\InProcServer32\(Default) = "C:\Windows\system32\wdc.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
"IpAddressConflict1" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]
"IpAddressConflict2" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
"MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"
-> {HKLM...CLSID} = "MsCtfMonitor task handler"
\InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
"SynchronizeTime" -> launches: "%windir%\system32\sc.exe start w32time task_started" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
"UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
"ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"
-> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
"QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
"BfeOnServiceStartTypeChange" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
"UpdateLibrary" -> launches: ""%ProgramFiles%\Windows Media Player\wmpnscfg.exe"" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
"ConfigNotification" -> launches: "%systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Defender
"MP Scheduled Scan" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan" [MS]

C:\Windows\System32\Tasks\WPD
"SqmUpload_S-1-5-21-2856774241-2753114494-3394699565-1000" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe portabledeviceapi.dll,#1" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000007\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\PROGRA~1\ONSPEED\sliplsp.dll ["SlipStream Data Inc."], 01, 13
%SystemRoot%\system32\mswsock.dll [MS], 02 - 12, 14 - 33


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}\
"ButtonText" = "PalTalk"
"Exec" = "C:\Program Files\Paltalk Messenger\Paltalk.exe" ["AVM Software Inc."]

{CCA281CA-C863-46EF-9331-5C8D4460577F}\
"ButtonText" = "@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015"
"MenuText" = "@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650"
"Script" = "C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm" [null data]

{CCF151D8-D089-449F-A5A4-D9909053F20F}\
"ButtonText" = "فحص عناوين المواقع (URL)"
"CLSIDExtension" = "{CCF151D8-D089-449F-A5A4-D9909053F20F}"
-> {HKLM...CLSID} = "FilterButtonHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2010\klwtbbho.dll" ["Kaspersky Lab"]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Bluetooth Service, btwdins, "C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe" ["Broadcom Corporation."]
DeviceManager, DeviceManager, "C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe -start" [null data]
SeaPort, SeaPort, ""C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"" [MS]
STC Kaspersky Internet Security, AVP, ""C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2010\avp.exe" -r" ["Kaspersky Lab"]
Webroot Client Service, WRConsumerService, ""C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe"" ["Webroot Software, Inc. "]


Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> WRConsumerService, "Service"

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> WRConsumerService, "Service"


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]


---------- (launch time: 2011-04-07 20:39:00)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 103 seconds, including 8 seconds for message boxes)
 
يعطيك العافيه

حلمي الوحيد اني اكون خبرية اجهزه وبرامج بس محد راضي يعطيني وجه
 
شــــــــــــــــــــــــــــكرا لك :getsmile.tmp0018002


310.jpg

 
توقيع : al_amera
بارك الله فيك
تحياتي لك
 
توقيع : Omar Yousif
.
 
الله يعطيك العافية
 
توقيع : انفال غزة
يعطيك العافية أخي الكريم​
 
السسلام عليكم ..

هذا تقرير الهايجاك

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:47:20 ص, on 14/05/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Hide The IP 2010\AVRedirector.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\ChgService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ZTE Connection Manager\AssistantServices.exe
C:\Program Files\Clocx\Clocx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\ZTE Connection Manager\UIExec.exe
C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hide The IP 2010\HideTheIP.exe
C:\Program Files\ZTE Connection Manager\UIMain.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe
C:\Program Files\ZTE Connection Manager\CMUpdater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\cmd.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ClocX] C:\Program Files\Clocx\Clocx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real Alternative\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [UIExec] "C:\Program Files\ZTE Connection Manager\UIExec.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Hide-The-IP] "C:\Program Files\Hide The IP 2010\HideTheIP.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: REALTEK RTL8187 Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avlibrary.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avlibrary.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avlibrary.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D56B869F-0047-4116-8344-0432A02B9466}: NameServer = 84.235.6.55 84.235.57.230
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: البرنامج الخفي لذاكرة التخزين المؤقت لفئات المكونات - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: AVRedirector - Unknown owner - C:\Program Files\Hide The IP 2010\AVRedirector.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Change Modem Device Service - Unknown owner - C:\WINDOWS\System32\ChgService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\ZTE Connection Manager\AssistantServices.exe

--
End of file - 10362 bytes
 
hassen10.gif

 
معلووووومه جميلة وبارك الله فيك
 
توقيع : باجخيف
السلام عليكم ورحمة الله وبركاتة

(1) تقرير HijackThis


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 06:28:03 ص, on 18/05/11
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Zyzoom_Forum_Tools\zHijak.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.163.96.2:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
R3 - URLSearchHook: Messenger Plus Saudi Toolbar - {9e1b5c68-1ab5-49fe-97a9-d3f777c51663} - C:\Program Files\Messenger_Plus_Saudi\prxtbMess.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Messenger Plus Saudi - {9e1b5c68-1ab5-49fe-97a9-d3f777c51663} - C:\Program Files\Messenger_Plus_Saudi\prxtbMess.dll
O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Messenger Plus Saudi Toolbar - {9e1b5c68-1ab5-49fe-97a9-d3f777c51663} - C:\Program Files\Messenger_Plus_Saudi\prxtbMess.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: REALTEK RTL8187 Wireless LAN Utility.lnk = C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O8 - Extra context menu item: إضافة إلى مكافحة الشعارات - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: &لوحة المفاتيح الظاهرية - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: فحص &عناوين المواقع (URL) - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\Windows\system32\acs.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe
O23 - Service: خدمة Kaspersky لمكافحة الفيروسات (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: خدمة تحديث Google (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: خدمة Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - D:\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

--
End of file - 8265 bytes


(2) تقرير عن قائمة البرامج المثبتة



====== معلومات نظام التشغيل ======

X86 WIN_7 7600


====== قائمة البرامج المثبتة ======

7-Zip 9.20
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11.5
Akamai NetSession Interface
Ashampoo Burning Studio 10 10.0.7
Atheros Client Installation Program
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Conduit Engine
D3DX10
FormatFactory 2.40
Golden Al-Wafi Translator
GOM Player
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Intel(R) Control Center
Intel(R) Graphics Media *********** Driver
Internet Download Manager
Java Auto Updater
Java(TM) 6 Update 24
K-Lite Codec Pack 6.1.0 (Full)
LameACM
Messenger Plus Saudi Toolbar
Messenger Plus! Live
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0 (x86 ar)
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyAshampoo Toolbar
Nokia Connectivity Cable Driver
ON_OFF Charge B10.0427.1
PC Connectivity Solution
Platform
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
REALTEK RTL8187 Wireless LAN Driver and Utility
RealUpgrade 1.1
TuneUp Utilities 2011
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
UltraISO Premium V9.33
VIA Platform Device Manager
VLC media player 1.0.5
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Messenger
Windows Live Photo Common
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinRAR archiver
برنامج Kaspersky لأمان الإنترنت 2011
برنامج Kaspersky لأمان الإنترنت 2011
حزمة برامج تشغيل Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)



(3) تقرير runscanner


يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي




يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي




(4) StartUp

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي




يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

 
تقرير هايجاك

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:32:53 ص, on 19/05/11
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [avgnt] &quot;C:\Program Files\Avira\AntiVir Desktop\avgnt.exe&quot; /min
O4 - HKLM\..\Run: [************ Anti-Malware (reboot)] &quot;C:\Program Files\************' Anti-Malware\mbam.exe&quot; /runcleanupscript
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: خدمة تحديث Google (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: خدمة Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Video***********Service - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\Video***********Service.exe

--
End of file - 5166 bytes



تقرير البرامج المثبتة



====== معلومات نظام التشغيل ======

X86 WIN_VISTA 6002 Service Pack 2


====== قائمة البرامج المثبتة ======

Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Reader 8.2.6
Apple Software Update
Ask Toolbar
Avira Premium Security Suite
Bonjour
CCleaner
CyberLink PowerDVD
D3DX10
DFX for RealPlayer
Google Chrome
Google Update Helper
HiYo
HiYo
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java(TM) 6 Update 13
Junk Mail filter update
************' Anti-Malware
Messenger Plus! 5
Microsoft .NET Framework 3.5 Language Pack SP1 - ara
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Arabic) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Arabic) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (Arabic) 2007
Microsoft Office InfoPath MUI (Arabic) 2007
Microsoft Office OneNote MUI (Arabic) 2007
Microsoft Office Outlook MUI (Arabic) 2007
Microsoft Office PowerPoint MUI (Arabic) 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proofing (Arabic) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Arabic) 2007
Microsoft Office Shared MUI (Arabic) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Word MUI (Arabic) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0.1 (x86 ar)
MpcStar 5.1
MSVC80_x86
MSVC80_x86_v2
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Playchess
Realtek High Definition Audio Driver
Rhapsody Player Engine
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Skype™ 5.3
SMPlayer 0.6.9
Uniblue RegistryBooster
Uniblue RegistryBooster
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Outlook 2007 Junk Email Filter (KB2536413)
VideoLAN VLC media player 0.8.6b
Windows Doctor 2.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
بريد Windows Live
تحديث لـ Microsoft Office Excel 2007 Help (KB963678)
تحديث لـ Microsoft Office Powerpoint 2007 Help (KB963669)
تحديث لـ Microsoft Office Word 2007 Help (KB963665)
حزمة اللغة لـ Microsoft .NET Framework 3.5 SP1 - ARA
حزمة برامج تشغيل Windows - Nokia Modem (05/22/2008 3.8)
حزمة برامج تشغيل Windows - Nokia Modem (06/09/2010 7.01.0.8)
حزمة برامج تشغيل Windows - Nokia Modem (10/07/2010 4.6)
معرض صور Windows Live
 
شكرا و بارك الله فيك
 
توقيع : zerak1977
السلام عليكم أخي أرجو مساعدتي لأني اشك بوجود برامج خبيثة في جهازي, وذلك من خلال دخولي الى قائمة run وكتابةsystem.ini
فلم يظهر لي الرقم 850 ولكن ظهر لي الرمزWOA
فكيف لي أن أتخلص من هذه المشكلة؟؟؟؟ علما أنَّ نظام التشغيل لدي ويندوز7
وجزاك الله كلَّ خيرٍ, أرجو أن تسعفني بالجواب الشافي فأنا من المعجبين بك وبارك الله فيك.
ارجو كلَّ مَنْ يستطيع مساعدتي أن لا يبخلَ علي بالجواب وله الأجر والثواب.
 
بارك الله فيك
 
توقيع : soly
بارك الله فيك

الطريقة منشرة وبكثرة

وأنت سهلتها ووضحتها
 
الحالة
مغلق و غير مفتوح للمزيد من الردود.
عودة
أعلى