(( How to tell, the right way, whether your computer has been hacked ))

Discussion in 'Forum [ Solutions to Common Computer Problems ]' started by fahd, May 12, 2010.

Thread status:
Closed
  1. fahd

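    Welcome, sister.
    Write a new topic in the relevant section, which is: the Computer Problems and Solutions corner,

    and include a HijackThis report with it.
    All the tools and methods for scanning the machine are in the Computer Problems and Solutions corner, in the pinned topic at the following link:
    [For beginners and experts] The approved maintenance tool of the Computer Problems and Solutions section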

     
  2. صافية

    Thank you, brother fahd.
    May God reward you a thousand times over.
    I will try the method and, God willing, I will be able to post a topic.
     
  3. ريوزاكي

    Thank you for posting the topic.
     
  4. عذب الوصف

    Peace be upon you.

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 08:13:35 م, on 07/04/11
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Quick net\ModemListener.exe
    C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\ONSPEED\onspeedcore.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\CyberLink\Shared files\brs.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\ONSPEED\onspeedgui.exe
    C:\Users\un\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\un\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Users\un\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\un\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Zyzoom_Forum_Tools\zyzoom.exe
    C:\Zyzoom_Forum_Tools\zHijak.com
    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5405
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2010\ievkbd.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll
    O2 - BHO: Prefetch - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files\ONSPEED\Prefetch.dll
    O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2010\klwtbbho.dll
    O4 - HKLM\..\Run: [ModemListener] "C:\Program Files\Quick net\ModemListener.exe" start
    O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2010\avp.exe"
    O4 - HKLM\..\Run: [QuickSet] "C:\Program Files\Dell\QuickSet\QuickSet.exe"
    O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\ONSPEED\onspeedcore.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [BDRegion] "C:\Program Files\Cyberlink\Shared files\brs.exe"
    O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
    O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [Google Update] "C:\Users\un\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: ONSPEED.lnk = C:\Program Files\ONSPEED\onspeedgui.exe
    O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2010\ie_banner_deny.htm
    O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\ONSPEED\gui_resource.dll/327
    O8 - Extra context menu item: Show Original Image - res://C:\Program Files\ONSPEED\gui_resource.dll/328
    O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: جاري إرسال الصفحة إلى &جهاز Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: جاري إرسال الصورة إلى &جهاز Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: فحص عناوين المواقع (URL) - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2010\klwtbbho.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\STCKAS~1\mzvkbd3.dll
    O23 - Service: STC Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2010\avp.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    O23 - Service: DeviceManager - Unknown owner - C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
    O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

    --
    End of file - 8259 bytes


    Installed programs:



    ====== معلومات نظام التشغيل ======

    X86 WIN_7 7600


    ====== قائمة البرامج المثبتة ======

    µTorrent
    ACDSee Pro 2.5
    Acrobat.com
    Acrobat.com
    Adobe AIR
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop CS
    Adobe Reader X - Arabic
    Advanced Audio FX Engine
    Bing Bar
    Bing Bar Platform
    CyberLink PowerDVD 10
    CyberLink PowerDVD 10
    Dell Webcam Central
    FormatFactory 2.60
    GOM Player
    Intel(R) Graphics Media *********** Driver
    Internet Download Manager
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 24
    Java(TM) 6 Update 3
    K-Lite Codec Pack 4.1.7 (Full)
    Live! Cam Avatar Creator
    MakeUp Pilot 3.01
    Messenger Plus Saudi Toolbar
    Messenger Plus! 5
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office Outlook Connector
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    MSVCRT
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    ObjectDock Plus
    ONSPEED
    Paint.NET v3.36
    Paltalk Messenger
    PhotoInstrument 2.0
    PhotoScape
    Quick net
    QuickSet32
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Roxio Burn
    Roxio Burn
    Spy Sweeper Core
    STC ® Kaspersky ® Internet Security 2010
    STC ® Kaspersky ® Internet Security 2010
    The KMPlayer (remove only)
    Windows 7 Codec Pack 2.8.0
    Windows Internet Explorer Platform Preview
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Essentials
    Windows Live Messenger
    Windows Media Player Firefox Plugin
    WinRAR 4.00 (32-bit)
    أداة التحميل Windows Live Upload Tool
    برنامج WIDCOMM Bluetooth
    مساعد تسجيل الدخول إلى Windows Live

    Startup:
    "Silent Runners.vbs", revision 61, http://www.silentrunners.org/
    Operating System: Windows 7
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "IDMan" = "C:\Program Files\Internet Download Manager\IDMan.exe /onboot" ["Tonec Inc."]
    "Google Update" = ""C:\Users\un\AppData\Local\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."]
    "uTorrent" = ""C:\Program Files\uTorrent\uTorrent.exe"" ["BitTorrent, Inc."]
    "Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "ModemListener" = ""C:\Program Files\Quick net\ModemListener.exe" start" [null data]
    "avp" = ""C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2010\avp.exe"" ["Kaspersky Lab"]
    "QuickSet" = ""C:\Program Files\Dell\QuickSet\QuickSet.exe"" ["Dell Inc."]
    "SlipStream" = ""C:\Program Files\ONSPEED\onspeedcore.exe"" ["SlipStream Data Inc."]
    "SunJavaUpdateSched" = ""C:\Program Files\Common Files\Java\Java Update\jusched.exe"" ["Sun Microsystems, Inc."]
    "BDRegion" = ""C:\Program Files\Cyberlink\Shared files\brs.exe"" ["cyberlink"]
    "IgfxTray" = ""C:\Windows\system32\igfxtray.exe"" ["Intel Corporation"]
    "HotKeysCmds" = ""C:\Windows\system32\hkcmd.exe"" ["Intel Corporation"]
    "Persistence" = ""C:\Windows\system32\igfxpers.exe"" ["Intel Corporation"]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    {0055C089-8582-441B-A0BF-17B458C2A3A8}\(Default) = "IDM Helper"
    -> {HKLM...CLSID} = "IDMIEHlprObj Class"
    \InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMIECC.dll" ["Internet Download Manager, Tonec Inc."]

    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
    -> {HKLM...CLSID} = "Adobe PDF Link Helper"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]

    {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\(Default) = "IEVkbdBHO"
    -> {HKLM...CLSID} = "IEVkbdBHO Class"
    \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2010\ievkbd.dll" ["Kaspersky Lab"]

    {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\(Default) = "Search Helper"
    -> {HKLM...CLSID} = "Search Helper"
    \InProcServer32\(Default) = "C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll" [MS]

    {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "مساعد تسجيل الدخول إلى Windows Live"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

    {9AA2F14F-E956-44B8-8694-A5B615CDF341}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "NOW!Imaging"
    \InProcServer32\(Default) = "C:\Program Files\ONSPEED\components\NOWImaging.dll" ["SlipStream Data Inc."]

    {A66AA08A-9BF0-4e87-99E6-6972731D6B99}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Prefetch"
    \InProcServer32\(Default) = "C:\Program Files\ONSPEED\Prefetch.dll" ["SlipStream Data Inc."]

    {d2ce3e00-f94a-4740-988e-03dc2f38c34f}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Bing Bar BHO"
    \InProcServer32\(Default) = "C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll" [MS]

    {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

    {E33CF602-D945-461A-83F0-819F76A199F8}\(Default) = "link filter bho"
    -> {HKLM...CLSID} = "FilterBHO Class"
    \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2010\klwtbbho.dll" ["Kaspersky Lab"]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

    BackupIconOverlayId\(Default) = "{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
    -> {HKLM...CLSID} = "BackupIconOverlayId Class"
    \InProcServer32\(Default) = "C:\Program Files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll" ["SOS Online Backup"]

    IDM Shell Extension\(Default) = "{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    -> {HKLM...CLSID} = "IDM Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMShellExt.dll" ["Tonec Inc."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

    "{7842554E-6BED-11D2-8CDB-B05550C10000}" = "Monitor"
    -> {HKLM...CLSID} = "Monitor Class"
    \InProcServer32\(Default) = "C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll" ["Broadcom Corporation."]

    "{1F77B17B-F531-44DB-ACA4-76ABB5010A28}" = "AIMP2: ShellExt"
    -> {HKLM...CLSID} = "AIMP2: ShellExt"
    \InProcServer32\(Default) = "C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL" ["AIMP DevTeam"]

    "{CDC95B92-E27C-4745-A8C5-64A52A78855D}" = "IDM Shell Extension"
    -> {HKLM...CLSID} = "IDM Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMShellExt.dll" ["Tonec Inc."]

    "{0561EC90-CE54-4f0c-9C55-E226110A740C}" = "Haali Column Provider"
    -> {HKLM...CLSID} = "Haali Column Provider"
    \InProcServer32\(Default) = "C:\Windows\system32\mmfinfo.dll" [null data]

    "{5574006C-28F5-4a65-A28C-74DE6BFBE0BB}" = "Haali Matroska Shell Property Page"
    -> {HKLM...CLSID} = "Haali Matroska Shell Property Page"
    \InProcServer32\(Default) = "C:\Windows\system32\mmfinfo.dll" [null data]

    "{327669A0-59A7-4be9-B99E-1C9F3A57611A}" = "Haali Matroska Thumbnail Extractor"
    -> {HKLM...CLSID} = "Haali Matroska Thumbnail Extractor"
    \InProcServer32\(Default) = "C:\Windows\system32\mmfinfo.dll" [null data]

    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
    -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
    \InProcServer32\(Default) = "c:\program files\real\realplayer\rpshell.dll" ["RealNetworks, Inc."]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
    <<!>> "AppInit_DLLs" = "C:\PROGRA~1\KASPER~1\STCKAS~1\mzvkbd3.dll" ["Kaspersky Lab"]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

    {50968FF7-10C1-4fb3-98B0-CD654D6CB97E}\(Default) = "BtwCredentialProvider"
    -> {HKLM...CLSID} = "BtwCredentialProvider"
    \InProcServer32\(Default) = "C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll" ["Broadcom Corporation."]

    HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

    <<!>> livecall\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL" [MS]

    <<!>> msnim\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL" [MS]

    HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

    AIMPClassic\(Default) = "{1F77B17B-F531-44DB-ACA4-76ABB5010A28}"
    -> {HKLM...CLSID} = "AIMP2: ShellExt"
    \InProcServer32\(Default) = "C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL" ["AIMP DevTeam"]

    Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2010\shellex.dll" ["Kaspersky Lab"]

    OnlineProtectMenu\(Default) = "{48865F7A-E34C-483f-AA6F-4AA38E2C3FC4}"
    -> {HKLM...CLSID} = "OnlineProtectMenu Class"
    \InProcServer32\(Default) = "C:\Program Files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll" ["SOS Online Backup"]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

    HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

    AIMPClassic\(Default) = "{1F77B17B-F531-44DB-ACA4-76ABB5010A28}"
    -> {HKLM...CLSID} = "AIMP2: ShellExt"
    \InProcServer32\(Default) = "C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL" ["AIMP DevTeam"]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

    HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

    Monitor\(Default) = "{7842554E-6BED-11D2-8CDB-B05550C10000}"
    -> {HKLM...CLSID} = "Monitor Class"
    \InProcServer32\(Default) = "C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll" ["Broadcom Corporation."]

    HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

    HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

    igfxcui\(Default) = "{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}"
    -> {HKLM...CLSID} = "GraphicsShellExt Class"
    \InProcServer32\(Default) = "C:\Windows\system32\igfxpph.dll" ["Intel Corporation"]

    HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

    {0561EC90-CE54-4f0c-9C55-E226110A740C}\(Default) = "Haali Column Provider"
    -> {HKLM...CLSID} = "Haali Column Provider"
    \InProcServer32\(Default) = "C:\Windows\system32\mmfinfo.dll" [null data]

    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
    -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

    Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2010\shellex.dll" ["Kaspersky Lab"]

    OnlineProtectMenu\(Default) = "{48865F7A-E34C-483f-AA6F-4AA38E2C3FC4}"
    -> {HKLM...CLSID} = "OnlineProtectMenu Class"
    \InProcServer32\(Default) = "C:\Program Files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll" ["SOS Online Backup"]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

    HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Users\un\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg"


    Windows Portable Device AutoPlay Handlers
    -----------------------------------------

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

    ACDSeePro25ImportPicturesOnArrival\
    "Provider" = "ACDSee Pro 2.5"
    "InvokeProgID" = "ACDSee Pro 2.5.AutoPlayHandlerImport"
    "InvokeVerb" = "Import"
    HKLM\SOFTWARE\Classes\ACDSee Pro 2.5.AutoPlayHandlerImport\shell\Import\command\(Default) = ""C:\Program Files\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" /detect:%1" ["ACD Systems"]

    ACDSeePro25ImportVideoFilesOnArrival\
    "Provider" = "ACDSee Pro 2.5"
    "InvokeProgID" = "ACDSee Pro 2.5.AutoPlayHandlerImport"
    "InvokeVerb" = "Import"
    HKLM\SOFTWARE\Classes\ACDSee Pro 2.5.AutoPlayHandlerImport\shell\Import\command\(Default) = ""C:\Program Files\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" /detect:%1" ["ACD Systems"]

    ACDSeePro25PlayVideoFilesOnArrival\
    "Provider" = "ACDSee Pro 2.5"
    "InvokeProgID" = "ACDSee Pro 2.5.AutoPlayHandler"
    "InvokeVerb" = "Open"
    HKLM\SOFTWARE\Classes\ACDSee Pro 2.5.AutoPlayHandler\shell\Open\command\(Default) = ""C:\Program Files\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1"" ["ACD Systems"]

    ACDSeePro25ShowPicturesOnArrival\
    "Provider" = "ACDSee Pro 2.5"
    "InvokeProgID" = "ACDSee Pro 2.5.AutoPlayHandler"
    "InvokeVerb" = "Open"
    HKLM\SOFTWARE\Classes\ACDSee Pro 2.5.AutoPlayHandler\shell\Open\command\(Default) = ""C:\Program Files\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1"" ["ACD Systems"]

    BasicBurnAdd\
    "Provider" = "Roxio Burn"
    "InvokeProgID" = "BasicBurn.PLAYADD"
    "InvokeVerb" = "Add"
    HKLM\SOFTWARE\Classes\BasicBurn.PLAYADD\shell\Add\Command\(Default) = ""C:\Program Files\Roxio\Roxio Burn\Roxio Burn.exe" /BURN %L" [null data]

    BasicBurnCopy\
    "Provider" = "Roxio Burn"
    "InvokeProgID" = "BasicBurn.PLAYCOPY"
    "InvokeVerb" = "Copy"
    HKLM\SOFTWARE\Classes\BasicBurn.PLAYCOPY\shell\Copy\Command\(Default) = ""C:\Program Files\Roxio\Roxio Burn\Roxio Burn.exe" /Copy %L" [null data]

    GOMPlayDVDOnArrival\
    "Provider" = "GOM Player"
    "InvokeProgID" = "GomPlayer.DVD"
    "InvokeVerb" = "open"
    HKLM\SOFTWARE\Classes\GomPlayer.DVD\shell\open\command\(Default) = ""C:\Program Files\GRETECH\GomPlayer\GOM.exe" /open "%1"" ["Gretech Corp."]

    GOMPlayMediaOnArrival\
    "Provider" = "GOM Player"
    "InvokeProgID" = "GomPlayer.MediaFile"
    "InvokeVerb" = "open"
    HKLM\SOFTWARE\Classes\GomPlayer.MediaFile\shell\open\command\(Default) = ""C:\Program Files\GRETECH\GomPlayer\GOM.exe" /open "%1"" ["Gretech Corp."]
    HKLM\SOFTWARE\Classes\GomPlayer.MediaFile\shell\open\DropTarget\CLSID = "{D0F0AD6B-ECCC-401E-8E71-C4363D41399C}"
    -> {HKLM...CLSID} = (no title provided)
    \LocalServer32\(Default) = ""C:\PROGRA~1\GRETECH\GOMPLA~1\GOM.exe"" ["Gretech Corp."]

    PDVD10PlayBluRayOnArrival\
    "Provider" = "PowerDVD 10"
    "InvokeProgID" = "BluRay"
    "InvokeVerb" = "PlayWithPowerDVD10"
    HKLM\SOFTWARE\Classes\BluRay\shell\PlayWithPowerDVD10\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe" "%L"" ["CyberLink Corp."]

    PDVD10PlayCDAudioOnArrival\
    "Provider" = "PowerDVD 10"
    "InvokeProgID" = "AudioCD"
    "InvokeVerb" = "PlayWithPowerDVD10"
    HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD10\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe" "%L"" ["CyberLink Corp."]

    PDVD10PlayDVDMovieOnArrival\
    "Provider" = "PowerDVD 10"
    "InvokeProgID" = "DVD"
    "InvokeVerb" = "PlayWithPowerDVD10"
    HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD10\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe" "%L"" ["CyberLink Corp."]

    PDVD10PlayEnhancedDVDOnArrival\
    "Provider" = "PowerDVD 10"
    "InvokeProgID" = "EnDVD"
    "InvokeVerb" = "PlayWithPowerDVD10"
    HKLM\SOFTWARE\Classes\EnDVD\shell\PlayWithPowerDVD10\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe" "%L"" ["CyberLink Corp."]

    PDVD10PlaySVCDOnArrival\
    "Provider" = "PowerDVD 10"
    "InvokeProgID" = "SVCD"
    "InvokeVerb" = "PlayWithPowerDVD10"
    HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithPowerDVD10\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe" "%L"" ["CyberLink Corp."]

    PDVD10PlayVCDMovieOnArrival\
    "Provider" = "PowerDVD 10"
    "InvokeProgID" = "VCD"
    "InvokeVerb" = "PlayWithPowerDVD10"
    HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD10\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe" "%L"" ["CyberLink Corp."]

    RPCDBurningOnArrival\
    "Provider" = "RealPlayer"
    "InvokeProgID" = "RealPlayer.CDBurn.6"
    "InvokeVerb" = "open"
    HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""c:\program files\real\realplayer\\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]

    RPDeviceOnArrival\
    "Provider" = "RealPlayer"
    "ProgID" = "RealPlayer.HWEventHandler"
    HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"
    -> {HKLM...CLSID} = "RealNetworks Scheduler"
    \LocalServer32\(Default) = ""c:\program files\real\realplayer\Update\realsched.exe" -autoplay" ["RealNetworks, Inc."]

    RPDVDBurningOnArrival\
    "Provider" = "RealPlayer"
    "InvokeProgID" = "RealPlayer.DVDBurn.6"
    "InvokeVerb" = "open"
    HKCU\Software\Classes\RealPlayer.DVDBurn.6\shell\open\command\(Default) = ""c:\program files\real\realplayer\\RealPlay.exe" /burndvd "%1"" ["RealNetworks, Inc."]

    RPPlayCDAudioOnArrival\
    "Provider" = "RealPlayer"
    "InvokeProgID" = "RealPlayer.AudioCD.6"
    "InvokeVerb" = "play"
    HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""c:\program files\real\realplayer\\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]

    RPPlayDVDMovieOnArrival\
    "Provider" = "RealPlayer"
    "InvokeProgID" = "RealPlayer.DVD.6"
    "InvokeVerb" = "play"
    HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""c:\program files\real\realplayer\\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]

    RPPlayMediaOnArrival\
    "Provider" = "RealPlayer"
    "InvokeProgID" = "RealPlayer.AutoPlay.6"
    "InvokeVerb" = "open"
    HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""c:\program files\real\realplayer\\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]

    WIA_{4B5D169E-E1E2-48C4-9ED7-21C9761595B3}\
    "Provider" = "ACDSee Pro 2.5"
    "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
    "InitCmdLine" = "/WiaCmd;start ACDSeeQVPro25.exe /StiDevice:%1 /StiEvent:%2;"
    -> {HKLM...CLSID} = "WPDShextAutoplay"
    \LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]


    Startup items in "un" & "All Users" startup folders:
    ----------------------------------------------------

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    "Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
    "Bluetooth" -> shortcut to: "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" ["Broadcom Corporation."]
    "ONSPEED" -> shortcut to: "C:\Program Files\ONSPEED\onspeedgui.exe" ["SlipStream Data Inc."]


    Windows Sidebar Gadgets:
    ------------------------

    C:\Users\un\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
    "C:%5CUsers%5Cun%5CAppData%5CLocal%5CMicrosoft%5CWindows%20Sidebar%5CGadgets%5CRadio00MBCFM0online0.gadget"


    Non-disabled Scheduled Tasks:
    -----------------------------

    C:\Windows\System32\Tasks
    "GoogleUpdateTaskUserS-1-5-21-2856774241-2753114494-3394699565-1000Core" -> launches: "C:\Users\un\AppData\Local\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
    "GoogleUpdateTaskUserS-1-5-21-2856774241-2753114494-3394699565-1000UA" -> launches: "C:\Users\un\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]
    "RealUpgradeLogonTaskS-1-5-21-2856774241-2753114494-3394699565-1000" -> launches: "C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /logoncheck" ["RealNetworks, Inc."]
    "RealUpgradeScheduledTaskS-1-5-21-2856774241-2753114494-3394699565-1000" -> launches: "C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck" ["RealNetworks, Inc."]
    "SidebarExecute" -> launches: "C:\Program Files\Windows Sidebar\sidebar.exe /addGadget" [MS]
    "User_Feed_Synchronization-{E4960045-0C7B-4938-A9F0-C23B06346E66}" -> (HIDDEN!) launches: "C:\Windows\system32\msfeedssync.exe sync" [MS]
    "wrSpySweeper_L805B45C12FC74A3B9709AF27F374A5B3" -> launches: "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe /ScheduleCleanup=wrSpySweeper_L805B45C12FC74A3B9709AF27F374A5B3" ["Webroot Software, Inc."]
    "wrSpySweeper_LF7281B1070FE49B1AD1D129ECE02B43B" -> launches: "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe /ScheduleSweep=wrSpySweeper_LF7281B1070FE49B1AD1D129ECE02B43B" ["Webroot Software, Inc."]
    "{0C3B4F0B-86FD-4284-8412-846581A469EF}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\Stardock\OBJECT~1\objectdock.exe -c /uninstall" [MS]
    "{27B53E7E-EF75-4373-9BAA-01921D6B36B3}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\Users\un\Desktop\coreaacSetup.exe -d C:\Users\un\Desktop" [MS]
    "{4185E4B4-5992-4A74-9320-2B4247E7D6C9}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Users\un\Desktop\طھط¹ط±ظٹظپ ظƒط±طھ ط§ظ„ط´ط§ط´ط©.exe" -d C:\Users\un\Desktop" [MS]
    "{9064BDF3-7319-4DC1-B06F-600F7827702D}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\Users\un\Desktop\jre-6u23-windows-i586-iftw.exe -d C:\Users\un\Desktop" [MS]
    "{B5FAB6B5-0D8A-457F-A319-12287764CD92}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall ENTERPRISE /dll OSETUP.DLL" [MS]
    "{BAA327A2-B888-45D2-A3BE-32C7E4AF307F}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\MESSEN~3\UNWISE.EXE -c /U C:\PROGRA~1\MESSEN~3\INSTALL.LOG" [MS]
    "{C6B57B8B-5B62-4CD7-A843-ADF8FF774B02}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\Users\un\Desktop\JavaSetup6u24.exe -d C:\Users\un\Desktop" [MS]
    "{CBC508D6-7A31-471B-8C30-9B4391A5451A}" -> launches: "C:\Windows\system32\pcalua.exe -a F:\SETUP.EXE -d F:\" [MS]
    "{D6A9D196-FCFD-4297-A7EF-7EE456D3E90F}" -> launches: "C:\Windows\system32\pcalua.exe -a "G:\masss\alien shooter.exe" -d G:\masss" [MS]
    "{DEBCD476-F18D-475E-8224-B038EB1B9AF0}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Users\un\Desktop\Realtek High Definition Audio Driver R2.34.For.Xp\Realtek High Definition Audio Driver R2.34.For.Xp\WDM_R234.exe" -d "C:\Users\un\Desktop\Realtek High Definition Audio Driver R2.34.For.Xp\Realtek High Definition Audio Driver R2.34.For.Xp"" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
    "AD RMS Rights Policy Template Management (Manual)" -> launches: "{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}"
    -> {HKLM...CLSID} = "AD RMS Rights Policy Template Management (Manual) Task Handler"
    \InProcServer32\(Default) = "C:\Windows\system32\msdrm.dll" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
    "AitAgent" -> launches: "aitagent" [MS]
    "ProgramDataUpdater" -> launches: "%windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
    "Proxy" -> launches: "%windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
    "UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
    "SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
    -> {HKLM...CLSID} = "Certificate Services Client Task Handler"
    \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
    "UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
    -> {HKLM...CLSID} = "Certificate Services Client Task Handler"
    \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
    "Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]
    "KernelCeipTask" -> (HIDDEN!) launches: "{e7ed314f-2816-4c26-aeb5-54a34d02404c}"
    -> {HKLM...CLSID} = "KernelCeipCustomHandler"
    \InProcServer32\(Default) = "C:\Windows\System32\kernelceip.dll" [MS]
    "UsbCeip" -> (HIDDEN!) launches: "{c27f6b1d-fe0b-45e4-9257-38799fa69bc8}"
    -> {HKLM...CLSID} = "UsbCeip"
    \InProcServer32\(Default) = "C:\Windows\System32\usbceip.dll" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
    "ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
    "Scheduled" -> (HIDDEN!) launches: "{c1f85ef8-bcc2-4606-bb39-70c523715eb3}"
    -> {HKLM...CLSID} = "ScheduledDiagnosticCustomHandler"
    \InProcServer32\(Default) = "C:\Windows\System32\sdiagschd.dll" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Location
    "Notifications" -> launches: "%windir%\System32\LocationNotifications.exe" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
    "WinSAT" -> launches: "{A9A33436-678B-4C9C-A211-7CC38785E79D}"
    -> {HKLM...CLSID} = "WinSAT Task Manger Task"
    \InProcServer32\(Default) = "C:\Windows\system32\WinSATAPI.dll" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
    "ActivateWindowsSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch" [MS]
    "ConfigureInternetTimeService" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService" [MS]
    "DispatchRecoveryTasks" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)" [MS]
    "ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS]
    "InstallPlayReady" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)" [MS]
    "mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0)" [MS]
    "MediaCenterRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask" [MS]
    "ObjectStoreRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask" [MS]
    "OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS]
    "OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)" [MS]
    "PBDADiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery" [MS]
    "PBDADiscoveryW1" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery" [MS]
    "PBDADiscoveryW2" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery" [MS]
    "PvrRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask" [MS]
    "PvrScheduleTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrSchedule" [MS]
    "RegisterSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)" [MS]
    "ReindexSearchRoot" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot" [MS]
    "SqlLiteRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask" [MS]
    "UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
    "CorruptionDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"
    -> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"
    \InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]
    "DecompressionFailureDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"
    -> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"
    \InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
    "HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"
    -> {HKLM...CLSID} = "HotStart User Agent"
    \InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\MUI
    "LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
    "SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"
    -> {HKLM...CLSID} = "Microsoft PlaySoundService Class"
    \InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
    "GatherNetworkInfo" -> launches: "%windir%\system32\gatherNetworkInfo.vbs" [null data]

    C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
    "AnalyzeSystem" -> launches: "%SystemRoot%\System32\powercfg.exe -energy -auto" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\RAC
    "RacTask" -> (HIDDEN!) launches: "{42060D27-CA53-41f5-96E4-B1E8169308A6}"
    -> {HKLM...CLSID} = "ReliabilityAnalysisCustomHandler"
    \InProcServer32\(Default) = "C:\Windows\system32\RacEngn.dll" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Ras
    "MobilityManager" -> launches: "{c463a0fc-794f-4fdf-9201-01938ceacafa}"
    -> {HKLM...CLSID} = "RasMobilityManager"
    \InProcServer32\(Default) = "C:\Windows\system32\rasmbmgr.dll" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Registry
    "RegIdleBackup" -> (HIDDEN!) launches: "{ca767aa8-9157-4604-b64b-40747123d5f2}"
    -> {HKLM...CLSID} = "RegistryIdleBackupHandler"
    \InProcServer32\(Default) = "C:\Windows\System32\regidle.dll" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
    "RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
    "GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}"
    -> {HKLM...CLSID} = "GadgetsManager Class"
    \InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
    "Interactive" -> (HIDDEN!) launches: "{855fec53-d2e4-4999-9e87-3414e9cf0ff4}"
    -> {HKLM...CLSID} = "RunTask"
    \InProcServer32\(Default) = "C:\Windows\system32\wdc.dll" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
    "IpAddressConflict1" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]
    "IpAddressConflict2" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
    "MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"
    -> {HKLM...CLSID} = "MsCtfMonitor task handler"
    \InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
    "SynchronizeTime" -> launches: "%windir%\system32\sc.exe start w32time task_started" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
    "UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\WDI
    "ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"
    -> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"
    \InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
    "QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
    "BfeOnServiceStartTypeChange" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
    "UpdateLibrary" -> launches: ""%ProgramFiles%\Windows Media Player\wmpnscfg.exe"" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
    "ConfigNotification" -> launches: "%systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows Defender
    "MP Scheduled Scan" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan" [MS]

    C:\Windows\System32\Tasks\WPD
    "SqmUpload_S-1-5-21-2856774241-2753114494-3394699565-1000" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe portabledeviceapi.dll,#1" [MS]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
    000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
    000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
    000000000007\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

    Transport Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    C:\PROGRA~1\ONSPEED\sliplsp.dll ["SlipStream Data Inc."], 01, 13
    %SystemRoot%\system32\mswsock.dll [MS], 02 - 12, 14 - 33


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}\
    "ButtonText" = "PalTalk"
    "Exec" = "C:\Program Files\Paltalk Messenger\Paltalk.exe" ["AVM Software Inc."]

    {CCA281CA-C863-46EF-9331-5C8D4460577F}\
    "ButtonText" = "@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015"
    "MenuText" = "@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650"
    "Script" = "C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm" [null data]

    {CCF151D8-D089-449F-A5A4-D9909053F20F}\
    "ButtonText" = "فحص عناوين المواقع (URL)"
    "CLSIDExtension" = "{CCF151D8-D089-449F-A5A4-D9909053F20F}"
    -> {HKLM...CLSID} = "FilterButtonHandler Class"
    \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2010\klwtbbho.dll" ["Kaspersky Lab"]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    Bluetooth Service, btwdins, "C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe" ["Broadcom Corporation."]
    DeviceManager, DeviceManager, "C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe -start" [null data]
    SeaPort, SeaPort, ""C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"" [MS]
    STC Kaspersky Internet Security, AVP, ""C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2010\avp.exe" -r" ["Kaspersky Lab"]
    Webroot Client Service, WRConsumerService, ""C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe"" ["Webroot Software, Inc. "]


    Safe Mode Drivers & Services (subkey name, subkey default value):
    -----------------------------------------------------------------

    HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

    <<!>> WRConsumerService, "Service"

    HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

    <<!>> WRConsumerService, "Service"


    Print Monitors:
    ---------------

    HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
    Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]


    ---------- (launch time: 2011-04-07 20:39:00)
    <<!>>: Suspicious data at a malware launch point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    ---------- (total run time: 103 seconds, including 8 seconds for message boxes)
     
  5. نوف بنت السعوديه

    نوف بنت السعوديه Active Zyzoomer

    Joined:
    Feb 5, 2011
    Posts:
    211
    Likes:
    0
    Trophy points:
    280
    Security software:
    Kaspersky
    Operating system:
    Other
    May God give you strength.

    My only dream is to become a hardware and software expert, but nobody is willing to pay me any attention.
     
  6. al_amera

    al_amera Golden Zyzoomer

    Joined:
    Apr 8, 2011
    Posts:
    1,789
    Likes:
    2,762
    Trophy points:
    1,020
    Gender:
    Female
    Location:
    Cairo - Egypt
    Security software:
    Kaspersky
    Operating system:
    Windows8.1
    Thank you
     
  7. Omar Yousif

    Omar Yousif Shining Zyzoomer

    Joined:
    Jul 19, 2008
    Posts:
    308
    Likes:
    2
    Trophy points:
    390
    Location:
    On Earth
    Security software:
    Kaspersky
    Operating system:
    Windows 7
    God bless you.
    My regards to you.
     
  8. mmyz

    mmyz New Zyzoomer

    Joined:
    Aug 8, 2010
    Posts:
    1
    Likes:
    0
    Trophy points:
    0
    Security software:
    Kaspersky
    Operating system:
    Windows 7
  9. انفال غزة

    انفال غزة Creative Zyzoomer

    Joined:
    Jun 2, 2010
    Posts:
    1,155
    Likes:
    230
    Trophy points:
    670
    Gender:
    Female
    Location:
    Palestine (Gaza)
    Security software:
    Kaspersky
    Operating system:
    Windows 7
    May God give you strength.
     
  10. Mido-ars

    Mido-ars New Zyzoomer

    Joined:
    Apr 18, 2011
    Posts:
    2
    Likes:
    0
    Trophy points:
    0
    Security software:
    Other
    Operating system:
    Other
    May God give you strength, dear brother.
     
  11. l_a7bk_l

    l_a7bk_l New Zyzoomer

    Joined:
    Jun 10, 2010
    Posts:
    2
    Likes:
    0
    Trophy points:
    0
    Security software:
    Kaspersky
    Operating system:
    Windows XP
    Peace be upon you ..

    This is the HijackThis report

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:47:20 ص, on 14/05/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    C:\Program Files\Hide The IP 2010\AVRedirector.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\ChgService.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ZTE Connection Manager\AssistantServices.exe
    C:\Program Files\Clocx\Clocx.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    C:\Program Files\ZTE Connection Manager\UIExec.exe
    C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hide The IP 2010\HideTheIP.exe
    C:\Program Files\ZTE Connection Manager\UIMain.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe
    C:\Program Files\ZTE Connection Manager\CMUpdater.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Zyzoom_Forum_Tools\zyzoom.exe
    C:\Zyzoom_Forum_Tools\zHijak.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.sa/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O1 - Hosts: 74.208.10.249 gs.apple.com
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
    O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [ClocX] C:\Program Files\Clocx\Clocx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real Alternative\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
    O4 - HKLM\..\Run: [UIExec] "C:\Program Files\ZTE Connection Manager\UIExec.exe"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Hide-The-IP] "C:\Program Files\Hide The IP 2010\HideTheIP.exe" /startup
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
    O4 - Global Startup: REALTEK RTL8187 Wireless LAN Utility.lnk = ?
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
    O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avlibrary.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avlibrary.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avlibrary.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D56B869F-0047-4116-8344-0432A02B9466}: NameServer = 84.235.6.55 84.235.57.230
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: البرنامج الخفي لذاكرة التخزين المؤقت لفئات المكونات - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    O23 - Service: AVRedirector - Unknown owner - C:\Program Files\Hide The IP 2010\AVRedirector.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Change Modem Device Service - Unknown owner - C:\WINDOWS\System32\ChgService.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\ZTE Connection Manager\AssistantServices.exe

    --
    End of file - 10362 bytes
     
  12. طوماس

    طوماس Creative Zyzoomer

    Joined:
    Dec 24, 2007
    Posts:
    1,176
    Likes:
    87
    Trophy points:
    640
    Gender:
    Male
    Security software:
    Kaspersky
    Operating system:
    Windows 7
  13. باجخيف

    باجخيف New Zyzoomer

    Joined:
    Dec 11, 2010
    Posts:
    82
    Likes:
    3
    Trophy points:
    80
    Security software:
    ESET
    Operating system:
    Windows XP
    Nice information, and God bless you.
     
  14. محبكم في الله

    محبكم في الله New Zyzoomer

    Joined:
    Mar 5, 2011
    Posts:
    16
    Likes:
    0
    Trophy points:
    20
    Security software:
    Other
    Operating system:
    Other
    Peace be upon you, and the mercy and blessings of God.

    (1) HijackThis report


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 06:28:03 ص, on 18/05/11
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16766)
    Boot mode: Normal

    Running processes:
    C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    C:\Program Files\Atheros\ACU.exe
    C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Zyzoom_Forum_Tools\zyzoom.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Zyzoom_Forum_Tools\zHijak.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.163.96.2:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
    R3 - URLSearchHook: Messenger Plus Saudi Toolbar - {9e1b5c68-1ab5-49fe-97a9-d3f777c51663} - C:\Program Files\Messenger_Plus_Saudi\prxtbMess.dll
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Messenger Plus Saudi - {9e1b5c68-1ab5-49fe-97a9-d3f777c51663} - C:\Program Files\Messenger_Plus_Saudi\prxtbMess.dll
    O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
    O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O3 - Toolbar: Messenger Plus Saudi Toolbar - {9e1b5c68-1ab5-49fe-97a9-d3f777c51663} - C:\Program Files\Messenger_Plus_Saudi\prxtbMess.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
    O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: REALTEK RTL8187 Wireless LAN Utility.lnk = C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    O8 - Extra context menu item: إضافة إلى مكافحة الشعارات - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
    O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O9 - Extra button: &لوحة المفاتيح الظاهرية - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O9 - Extra button: فحص &عناوين المواقع (URL) - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\Windows\system32\acs.exe
    O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe
    O23 - Service: خدمة Kaspersky لمكافحة الفيروسات (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    O23 - Service: خدمة تحديث Google (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: خدمة Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - D:\Hotspot Shield\bin\HssTrayService.EXE (file missing)
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

    --
    End of file - 8265 bytes


    (2) Installed programs report



    ====== معلومات نظام التشغيل ======

    X86 WIN_7 7600


    ====== قائمة البرامج المثبتة ======

    7-Zip 9.20
    Adobe AIR
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop CS
    Adobe Reader X (10.0.1)
    Adobe Shockwave Player 11.5
    Akamai NetSession Interface
    Ashampoo Burning Studio 10 10.0.7
    Atheros Client Installation Program
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Conduit Engine
    D3DX10
    FormatFactory 2.40
    Golden Al-Wafi Translator
    GOM Player
    Google Earth
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    Google Update Helper
    Intel(R) Control Center
    Intel(R) Graphics Media *********** Driver
    Internet Download Manager
    Java Auto Updater
    Java(TM) 6 Update 24
    K-Lite Codec Pack 6.1.0 (Full)
    LameACM
    Messenger Plus Saudi Toolbar
    Messenger Plus! Live
    Microsoft Application Error Reporting
    Microsoft Silverlight
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox 4.0 (x86 ar)
    MSVC80_x86_v2
    MSVC90_x86
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyAshampoo Toolbar
    Nokia Connectivity Cable Driver
    ON_OFF Charge B10.0427.1
    PC Connectivity Solution
    Platform
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    REALTEK RTL8187 Wireless LAN Driver and Utility
    RealUpgrade 1.1
    TuneUp Utilities 2011
    TuneUp Utilities 2011
    TuneUp Utilities Language Pack (en-US)
    UltraISO Premium V9.33
    VIA Platform Device Manager
    VLC media player 1.0.5
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Player Firefox Plugin
    WinRAR archiver
    برنامج Kaspersky لأمان الإنترنت 2011
    برنامج Kaspersky لأمان الإنترنت 2011
    حزمة برامج تشغيل Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)



    (3) runscanner report


    http://www.eupload.org/shared/15383runscanner.rar




    (4) StartUp

    http://www.eupload.org/shared/1088(4)_startup.rar


     
  15. لم أصل

    لم أصل New Zyzoomi member

    Joined:
    May 18, 2011
    Posts:
    3
    Likes:
    0
    Trophy points:
    0
    Location:
    Medina
    Security software:
    Avira
    Operating system:
    Windows Vista
    HijackThis report

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:32:53 ص, on 19/05/11
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\explorer.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\Zyzoom_Forum_Tools\zyzoom.exe
    C:\Zyzoom_Forum_Tools\zHijak.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/m/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [************ Anti-Malware (reboot)] "C:\Program Files\************' Anti-Malware\mbam.exe" /runcleanupscript
    O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
    O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: خدمة تحديث Google (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: خدمة Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Video***********Service - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\Video***********Service.exe

    --
    End of file - 5166 bytes



    Installed programs report



    ====== معلومات نظام التشغيل ======

    X86 WIN_VISTA 6002 Service Pack 2


    ====== قائمة البرامج المثبتة ======

    Update for Microsoft Office 2007 (KB2508958)
    Adobe Flash Player 10 Plugin
    Adobe Photoshop CS
    Adobe Reader 8.2.6
    Apple Software Update
    Ask Toolbar
    Avira Premium Security Suite
    Bonjour
    CCleaner
    CyberLink PowerDVD
    D3DX10
    DFX for RealPlayer
    Google Chrome
    Google Update Helper
    HiYo
    HiYo
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Java(TM) 6 Update 13
    Junk Mail filter update
    ************' Anti-Malware
    Messenger Plus! 5
    Microsoft .NET Framework 3.5 Language Pack SP1 - ara
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (Arabic) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (Arabic) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (Arabic) 2007
    Microsoft Office InfoPath MUI (Arabic) 2007
    Microsoft Office OneNote MUI (Arabic) 2007
    Microsoft Office Outlook MUI (Arabic) 2007
    Microsoft Office PowerPoint MUI (Arabic) 2007
    Microsoft Office Proof (Arabic) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proofing (Arabic) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (Arabic) 2007
    Microsoft Office Shared MUI (Arabic) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Word MUI (Arabic) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox 4.0.1 (x86 ar)
    MpcStar 5.1
    MSVC80_x86
    MSVC80_x86_v2
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    neroxml
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Nokia PC Suite
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    Playchess
    Realtek High Definition Audio Driver
    Rhapsody Player Engine
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Segoe UI
    Skype™ 5.3
    SMPlayer 0.6.9
    Uniblue RegistryBooster
    Uniblue RegistryBooster
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Outlook 2007 Junk Email Filter (KB2536413)
    VideoLAN VLC media player 0.8.6b
    Windows Doctor 2.0
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinRAR archiver
    بريد Windows Live
    تحديث لـ Microsoft Office Excel 2007 Help (KB963678)
    تحديث لـ Microsoft Office Powerpoint 2007 Help (KB963669)
    تحديث لـ Microsoft Office Word 2007 Help (KB963665)
    حزمة اللغة لـ Microsoft .NET Framework 3.5 SP1 - ARA
    حزمة برامج تشغيل Windows - Nokia Modem (05/22/2008 3.8)
    حزمة برامج تشغيل Windows - Nokia Modem (06/09/2010 7.01.0.8)
    حزمة برامج تشغيل Windows - Nokia Modem (10/07/2010 4.6)
    معرض صور Windows Live
     
  16. zerak1977

    zerak1977 Distinguished Zyzoomi member

    Joined:
    July 30, 2009
    Posts:
    907
    Likes:
    73
    Trophy points:
    540
    Gender:
    Male
    Location:
    Iraq - Erbil
    Security software:
    Bitdefender
    Operating system:
    Windows 10
    Thank you, and God bless you.
     
  17. فاتح95

    فاتح95 New Zyzoomi member

    Joined:
    February 4, 2011
    Posts:
    19
    Likes:
    0
    Trophy points:
    20
    Gender:
    Male
    Location:
    Mosul
    Security software:
    COMODO
    Operating system:
    Windows 7
    Peace be upon you, brother. Please help me, because I suspect there is malware on my machine: when I opened the Run dialog and typed system.ini,
    the number 850 did not appear; instead the code WOA appeared.
    How can I get rid of this problem? Note that my operating system is Windows 7.
    May God reward you with all good. I hope you can give me a definitive answer, as I am one of your admirers, and God bless you.
    I ask anyone who can help me not to withhold an answer; may they be rewarded for it.
     
  18. soly

    soly Silver Zyzoomi member

    Joined:
    May 8, 2008
    Posts:
    5,124
    Likes:
    705
    Trophy points:
    920
    Gender:
    Male
    Security software:
    Kaspersky
    Operating system:
    Windows 7
    God bless you.
     
  19. الفتى adeeb

    الفتى adeeb Creative Zyzoomi member

    Joined:
    October 22, 2010
    Posts:
    1,125
    Likes:
    76
    Trophy points:
    640
    Location:
    Ksa - jeddah
    Security software:
    ESET
    Operating system:
    Windows 7
    God bless you.

    The method is widely circulated,

    and you made it easier and clearer.
     
  20. محب المدينه

    محب المدينه Honorary member

    Joined:
    December 20, 2010
    Posts:
    5,034
    Likes:
    1,922
    Trophy points:
    1,070
    Gender:
    Male
    Location:
    Medina
    Security software:
    avast
    Operating system:
    Windows 10
    God bless you.
     