-
[ يمنع ] طرح أي موضوع يحوي على كراكات أو باتشات او كيجنات من غير فحصها عبر موقع فيروس توتال [ virustotal.com ] وطرح رابط الفحص ضِمن الموضوع.
- بادئ الموضوع sss_2000
- تاريخ البدء
- 3,119
Blackstar_tech
زيزوومي جديد
- إنضم
- 28 أغسطس 2007
- المشاركات
- 2,158
- مستوى التفاعل
- 9
- النقاط
- 0
- الإقامة
- Egypt
- الموقع الالكتروني
- www.zyzoom.net
غير متصل
لو سمحت ممكن صورة ؟؟
توقيع : Blackstar_tech
Al jNtEeL
زيزوومى فضى
- إنضم
- 1 نوفمبر 2007
- المشاركات
- 7,298
- مستوى التفاعل
- 66
- النقاط
- 840
- الإقامة
- |-Al Hilal Club-|
- الموقع الالكتروني
- www.zyzoom.org
غير متصل
عزيزي حمل هذه الأدآء وقم بفحص جهآآزك من خلالها وإن شآآء الله .. تحذف لك هذه الأدآآء هذا التروجان
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
توقيع : Al jNtEeL
وكل ما أروخ أي موقع تظهر هالرساالة
بعدها تسكر الموقع وتشفلب لي حاله يمين شمال حتى هون في زيوووووم
ويخرج لي هذا الترقرير في ملف txt
Set lengyincn = Create("Wscript.Shell")
lengyincn.run "cmd /c C:\MicroSoft.bat",vbhide
ويش الخل الله يكرمكم
بعدها تسكر الموقع وتشفلب لي حاله يمين شمال حتى هون في زيوووووم
ويخرج لي هذا الترقرير في ملف txt
Set lengyincn = Create("Wscript.Shell")
lengyincn.run "cmd /c C:\MicroSoft.bat",vbhide
ويش الخل الله يكرمكم
راح اسوي وبشوف تسلم
أبو جهاد المصري
زيزوومي نشيط
- إنضم
- 15 فبراير 2008
- المشاركات
- 126
- مستوى التفاعل
- 21
- النقاط
- 180
غير متصل
جزاك الله خيرا
بالاضافه لكلاام الاحبة
( 1 )
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
--------------------------------------------
( 2 )
واعمل تقرير للهايجاك
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
التقرير أخي زيوم الله يبارك فيك هو
الأول
ComboFix 08-06-08.8 - Administrator 06/09/2008 18:52:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.187 [GMT 3:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\.IE5\0TAN8DA7\cnsminex_empty[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\.IE5\49MJ4T2N\cnsminex_empty[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\.IE5\49MJ4T2N\cnsminex_empty[2].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\.IE5\49MJ4T2N\cnsminex_empty[3].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\.IE5\8DUNWDIB\cnsminex_empty[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\.IE5\8DUNWDIB\cnsminex_empty[2].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\.IE5\8DUNWDIB\cnsminex_empty[3].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\.IE5\8L6JCHY7\cnsminex_empty[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\.IE5\8L6JCHY7\cnsminex_empty[2].htm
.
((((((((((((((((((((((((( Files Created from 2008-05-09 to 2008-06-09 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 15:57 84,768 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-09 15:57 810,016 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-09 15:49 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DMCache
2008-06-09 15:42 30 ----a-w C:\MicroSoft.bat
2008-06-09 15:42 186 ----a-w C:\MicroSoft.vbs
2008-06-09 15:42 --------- d-----w C:\Program Files\Internet Download Manager
2008-06-09 15:01 --------- d-----w C:\Program Files\Ulead Systems
2008-06-09 14:58 --------- d-----w C:\Program Files\shamela library
2008-06-09 14:54 --------- d-----w C:\Program Files\WinPcap
2008-06-09 14:53 --------- d-----w C:\Program Files\netcut
2008-06-09 14:37 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-06-09 14:32 9,216 ----a-w C:\WINDOWS\AppPatch\AcXtrnel.dll
2008-06-09 14:32 13,824 ----a-w C:\WINDOWS\AppPatch\Jview.dll
2008-06-09 14:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-06-09 14:23 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-09 14:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-05 17:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-05-05 17:33 8,012 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-05 17:33 10,316 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-05 17:32 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-05 17:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ulead Systems
2008-05-05 17:19 --------- d-----w C:\Program Files\All-into-One Flash Mixer
2008-05-05 17:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-05-05 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\ashampoo
2008-05-05 16:45 --------- d-----w C:\Program Files\Ashampoo
2008-05-05 14:09 --------- d-----w C:\Program Files\Ace Utilities
2008-05-05 14:06 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-05 13:50 --------- d-----w C:\Program Files\Java
2008-05-05 13:49 --------- d-----w C:\Program Files\Common Files\Java
2008-05-05 13:48 --------- d-----w C:\Program Files\Opera
2008-05-05 13:48 --------- d-----w C:\Program Files\My Company Name
2008-05-05 13:45 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-05-05 13:41 --------- d-----w C:\Program Files\8start Launcher
2008-05-05 13:25 --------- d-----w C:\Program Files\Yahoo!
2008-05-05 13:24 --------- d-----w C:\Program Files\Folder Guide
2008-05-05 13:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-05 13:22 --------- d-----w C:\Program Files\SmartSound Software
2008-05-05 13:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-05-05 13:20 --------- d-----w C:\Program Files\Windows Media Components
2008-05-05 13:20 --------- d-----w C:\Program Files\QuickTime
2008-05-05 13:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-05 13:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-05 13:17 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-05-05 13:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-05 13:09 --------- d-----w C:\Program Files\DFX
2008-05-05 13:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-05 13:07 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-05 13:07 --------- d-----w C:\Program Files\Common Files\Real
2008-05-05 13:06 --------- d-----w C:\Program Files\Real
2008-05-05 13:03 --------- d-----w C:\Documents and Settings\Administrator\Application Data\IDM
2008-05-05 13:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-05-05 13:00 --------- d-----w C:\Program Files\TechSmith
2008-05-05 13:00 --------- d-----w C:\Program Files\Common Files\TechSmith Shared
2008-05-05 12:59 --------- d-----w C:\Program Files\Batch Image Resizer
2008-05-05 12:57 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-05 12:57 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-05 12:47 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-05 12:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-05 12:40 --------- d-----w C:\Program Files\windows options
2008-05-05 12:40 --------- d-----w C:\Program Files\SmartCCC
2008-05-05 12:40 --------- d-----w C:\Program Files\Mohamed
2008-05-05 12:39 --------- d-----w C:\Program Files\SpiritPyre Extensions
2008-05-05 12:38 --------- d-----w C:\Program Files\stardock
2008-05-05 12:25 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-05 12:25 --------- d-----w C:\Program Files\System
2008-04-22 04:55 443,561 ----a-w C:\WINDOWS\system32\MH2EN.exe
2008-04-22 03:50 443,563 ----a-w C:\WINDOWS\system32\updatesystem.exe
2008-04-21 23:01 78 ----a-w C:\clean.cmd
2008-04-19 11:15 151,552 ----a-w C:\WINDOWS\UnUSBDrv.exe
2008-04-15 22:29 9,155,740 ----a-w C:\WINDOWS\system32\logonuiX.exe
2008-04-15 22:07 7,974,044 ----a-w C:\WINDOWS\system32\CCL.exe
2008-04-12 10:57 118,784 ----a-w C:\WINDOWS\system32\timer.exe
2008-04-05 15:37 2,320,640 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-02 05:41 99,389 ----a-w C:\WINDOWS\system32\defupix.exe
2008-04-02 05:40 99,392 ----a-w C:\WINDOWS\system32\48pix.exe
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2008-03-29 08:52 2,972,672 ----a-w C:\WINDOWS\system32\UL.exe
2008-03-29 08:19 103,848 ----a-w C:\WINDOWS\system32\Prelogonuiscreen.exe
2008-03-29 08:19 103,793 ----a-w C:\WINDOWS\system32\Disablemyj.exe
2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-23 16:18 4,393,472 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-20 06:38 140,288 ----a-w C:\WINDOWS\system32\sfc_os.dll
2008-03-19 12:19 826,368 ----a-w C:\WINDOWS\system32\wmvdmod.dll
2008-03-19 12:19 66,560 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
2008-03-19 12:19 61,952 ----a-w C:\WINDOWS\system32\wpdconns.dll
2008-03-19 12:19 38,912 ----a-w C:\WINDOWS\system32\wpd_ci.dll
2008-03-19 12:19 331,776 ----a-w C:\WINDOWS\system32\wpdmtpdr.dll
2008-03-19 12:19 329,728 ----a-w C:\WINDOWS\system32\WPDSp.dll
2008-03-19 12:19 114,176 ----a-w C:\WINDOWS\system32\wpdmtp.dll
2008-03-19 12:19 10,752 ----a-w C:\WINDOWS\system32\wpdtrace.dll
2008-03-19 12:19 1,003,008 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
2008-03-19 12:18 940,544 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
2008-03-19 12:18 86,016 ----a-w C:\WINDOWS\system32\wmpshell.dll
2008-03-19 12:18 771,584 ----a-w C:\WINDOWS\system32\wmsdmod.dll
2008-03-19 12:18 407,552 ----a-w C:\WINDOWS\system32\wmspdmod.dll
2008-03-19 12:18 3,371,008 ----a-w C:\WINDOWS\system32\wmploc.dll
2008-03-19 12:18 20,480 ----a-w C:\WINDOWS\system32\wmpui.dll
2008-03-19 12:18 175,104 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
.
------- Sigcheck -------
10/09/2007 02:58 AM 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\system32\drivers\tcpip.sys
04/05/2008 06:37 PM 2320640 93d694a67da32f27a82413cf79cc0f55 C:\WINDOWS\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [12/21/2007 07:08 AM 931760]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [05/05/2008 04:27 PM 3084288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/05/2008 04:07 PM 180269]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Ulead Photo Express 3.0 SE Calendar Checker.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2008-06-09 18:02:09 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceDelayLoad]
"JavaView"= {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll [06/09/2008 05:32 PM 13824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\~1\WINDOW~1\wbsrv.dll 12/20/2005 10:57 PM 176128 C:\PROGRA~1\stardock\~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"VIDC.YV12"= yv12vfw.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"<NO NAME>"=
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"UVS10 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
"Vistadrv"=
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
R3 EPPSCSIx;EPPSCSI Driver;C:\WINDOWS\system32\DRIVERS\EPPSCAN.sys [03/06/2002 02:20 PM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [12/13/2007 01:28 PM]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [08/03/2005 12:10 AM]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-06-09 18:57:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 06/09/2008 19:01:48
ComboFix-quarantined-files.txt 2008-06-09 16:01:35
Pre-Run: 5,820,440,576 bytes free
Post-Run: 5,862,178,816 bytes free
208
التالي
Logfile of HijackThis v1.99.1
Scan saved at 07:06:49 م, on 09/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Yahoo!\Messenger\yupdater.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ping.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.297\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com/
O17 - HKLM\System\CCS\Services\Tcpip\..\{50E0AD2F-0962-4845-9C0D-FA3B9F6172CD}: NameServer = 127.0.0.1,213.131.66.246
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\~1\WINDOW~1\wbsrv.dll
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
جزاك الله خيرا
لعل الله يجعلك سببا للحل لأن الفورمات مصيبة بالنسية لي
علما أنما أسوي تحديث للكاسبر الجهاز ينشقلب حاله
وصفحات النت تنشقلب
والكاسبر ما يبطل يعمل أصوات
الأول
ComboFix 08-06-08.8 - Administrator 06/09/2008 18:52:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.187 [GMT 3:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\.IE5\0TAN8DA7\cnsminex_empty[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\.IE5\49MJ4T2N\cnsminex_empty[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\.IE5\49MJ4T2N\cnsminex_empty[2].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\.IE5\49MJ4T2N\cnsminex_empty[3].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\.IE5\8DUNWDIB\cnsminex_empty[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\.IE5\8DUNWDIB\cnsminex_empty[2].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\.IE5\8DUNWDIB\cnsminex_empty[3].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\.IE5\8L6JCHY7\cnsminex_empty[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\.IE5\8L6JCHY7\cnsminex_empty[2].htm
.
((((((((((((((((((((((((( Files Created from 2008-05-09 to 2008-06-09 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 15:57 84,768 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-09 15:57 810,016 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-09 15:49 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DMCache
2008-06-09 15:42 30 ----a-w C:\MicroSoft.bat
2008-06-09 15:42 186 ----a-w C:\MicroSoft.vbs
2008-06-09 15:42 --------- d-----w C:\Program Files\Internet Download Manager
2008-06-09 15:01 --------- d-----w C:\Program Files\Ulead Systems
2008-06-09 14:58 --------- d-----w C:\Program Files\shamela library
2008-06-09 14:54 --------- d-----w C:\Program Files\WinPcap
2008-06-09 14:53 --------- d-----w C:\Program Files\netcut
2008-06-09 14:37 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-06-09 14:32 9,216 ----a-w C:\WINDOWS\AppPatch\AcXtrnel.dll
2008-06-09 14:32 13,824 ----a-w C:\WINDOWS\AppPatch\Jview.dll
2008-06-09 14:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-06-09 14:23 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-09 14:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-05 17:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-05-05 17:33 8,012 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-05 17:33 10,316 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-05 17:32 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-05 17:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ulead Systems
2008-05-05 17:19 --------- d-----w C:\Program Files\All-into-One Flash Mixer
2008-05-05 17:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-05-05 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\ashampoo
2008-05-05 16:45 --------- d-----w C:\Program Files\Ashampoo
2008-05-05 14:09 --------- d-----w C:\Program Files\Ace Utilities
2008-05-05 14:06 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-05 13:50 --------- d-----w C:\Program Files\Java
2008-05-05 13:49 --------- d-----w C:\Program Files\Common Files\Java
2008-05-05 13:48 --------- d-----w C:\Program Files\Opera
2008-05-05 13:48 --------- d-----w C:\Program Files\My Company Name
2008-05-05 13:45 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-05-05 13:41 --------- d-----w C:\Program Files\8start Launcher
2008-05-05 13:25 --------- d-----w C:\Program Files\Yahoo!
2008-05-05 13:24 --------- d-----w C:\Program Files\Folder Guide
2008-05-05 13:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-05 13:22 --------- d-----w C:\Program Files\SmartSound Software
2008-05-05 13:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-05-05 13:20 --------- d-----w C:\Program Files\Windows Media Components
2008-05-05 13:20 --------- d-----w C:\Program Files\QuickTime
2008-05-05 13:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-05 13:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-05 13:17 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-05-05 13:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-05 13:09 --------- d-----w C:\Program Files\DFX
2008-05-05 13:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-05 13:07 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-05 13:07 --------- d-----w C:\Program Files\Common Files\Real
2008-05-05 13:06 --------- d-----w C:\Program Files\Real
2008-05-05 13:03 --------- d-----w C:\Documents and Settings\Administrator\Application Data\IDM
2008-05-05 13:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-05-05 13:00 --------- d-----w C:\Program Files\TechSmith
2008-05-05 13:00 --------- d-----w C:\Program Files\Common Files\TechSmith Shared
2008-05-05 12:59 --------- d-----w C:\Program Files\Batch Image Resizer
2008-05-05 12:57 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-05 12:57 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-05 12:47 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-05 12:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-05 12:40 --------- d-----w C:\Program Files\windows options
2008-05-05 12:40 --------- d-----w C:\Program Files\SmartCCC
2008-05-05 12:40 --------- d-----w C:\Program Files\Mohamed
2008-05-05 12:39 --------- d-----w C:\Program Files\SpiritPyre Extensions
2008-05-05 12:38 --------- d-----w C:\Program Files\stardock
2008-05-05 12:25 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-05 12:25 --------- d-----w C:\Program Files\System
2008-04-22 04:55 443,561 ----a-w C:\WINDOWS\system32\MH2EN.exe
2008-04-22 03:50 443,563 ----a-w C:\WINDOWS\system32\updatesystem.exe
2008-04-21 23:01 78 ----a-w C:\clean.cmd
2008-04-19 11:15 151,552 ----a-w C:\WINDOWS\UnUSBDrv.exe
2008-04-15 22:29 9,155,740 ----a-w C:\WINDOWS\system32\logonuiX.exe
2008-04-15 22:07 7,974,044 ----a-w C:\WINDOWS\system32\CCL.exe
2008-04-12 10:57 118,784 ----a-w C:\WINDOWS\system32\timer.exe
2008-04-05 15:37 2,320,640 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-02 05:41 99,389 ----a-w C:\WINDOWS\system32\defupix.exe
2008-04-02 05:40 99,392 ----a-w C:\WINDOWS\system32\48pix.exe
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2008-03-29 08:52 2,972,672 ----a-w C:\WINDOWS\system32\UL.exe
2008-03-29 08:19 103,848 ----a-w C:\WINDOWS\system32\Prelogonuiscreen.exe
2008-03-29 08:19 103,793 ----a-w C:\WINDOWS\system32\Disablemyj.exe
2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-23 16:18 4,393,472 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-20 06:38 140,288 ----a-w C:\WINDOWS\system32\sfc_os.dll
2008-03-19 12:19 826,368 ----a-w C:\WINDOWS\system32\wmvdmod.dll
2008-03-19 12:19 66,560 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
2008-03-19 12:19 61,952 ----a-w C:\WINDOWS\system32\wpdconns.dll
2008-03-19 12:19 38,912 ----a-w C:\WINDOWS\system32\wpd_ci.dll
2008-03-19 12:19 331,776 ----a-w C:\WINDOWS\system32\wpdmtpdr.dll
2008-03-19 12:19 329,728 ----a-w C:\WINDOWS\system32\WPDSp.dll
2008-03-19 12:19 114,176 ----a-w C:\WINDOWS\system32\wpdmtp.dll
2008-03-19 12:19 10,752 ----a-w C:\WINDOWS\system32\wpdtrace.dll
2008-03-19 12:19 1,003,008 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
2008-03-19 12:18 940,544 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
2008-03-19 12:18 86,016 ----a-w C:\WINDOWS\system32\wmpshell.dll
2008-03-19 12:18 771,584 ----a-w C:\WINDOWS\system32\wmsdmod.dll
2008-03-19 12:18 407,552 ----a-w C:\WINDOWS\system32\wmspdmod.dll
2008-03-19 12:18 3,371,008 ----a-w C:\WINDOWS\system32\wmploc.dll
2008-03-19 12:18 20,480 ----a-w C:\WINDOWS\system32\wmpui.dll
2008-03-19 12:18 175,104 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
.
------- Sigcheck -------
10/09/2007 02:58 AM 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\system32\drivers\tcpip.sys
04/05/2008 06:37 PM 2320640 93d694a67da32f27a82413cf79cc0f55 C:\WINDOWS\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [12/21/2007 07:08 AM 931760]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [05/05/2008 04:27 PM 3084288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/05/2008 04:07 PM 180269]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Ulead Photo Express 3.0 SE Calendar Checker.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2008-06-09 18:02:09 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceDelayLoad]
"JavaView"= {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll [06/09/2008 05:32 PM 13824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\~1\WINDOW~1\wbsrv.dll 12/20/2005 10:57 PM 176128 C:\PROGRA~1\stardock\~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"VIDC.YV12"= yv12vfw.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"<NO NAME>"=
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"UVS10 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
"Vistadrv"=
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
R3 EPPSCSIx;EPPSCSI Driver;C:\WINDOWS\system32\DRIVERS\EPPSCAN.sys [03/06/2002 02:20 PM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [12/13/2007 01:28 PM]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [08/03/2005 12:10 AM]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-06-09 18:57:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 06/09/2008 19:01:48
ComboFix-quarantined-files.txt 2008-06-09 16:01:35
Pre-Run: 5,820,440,576 bytes free
Post-Run: 5,862,178,816 bytes free
208
التالي
Logfile of HijackThis v1.99.1
Scan saved at 07:06:49 م, on 09/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Yahoo!\Messenger\yupdater.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ping.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.297\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com/
O17 - HKLM\System\CCS\Services\Tcpip\..\{50E0AD2F-0962-4845-9C0D-FA3B9F6172CD}: NameServer = 127.0.0.1,213.131.66.246
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\~1\WINDOW~1\wbsrv.dll
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
جزاك الله خيرا
لعل الله يجعلك سببا للحل لأن الفورمات مصيبة بالنسية لي
علما أنما أسوي تحديث للكاسبر الجهاز ينشقلب حاله
وصفحات النت تنشقلب
والكاسبر ما يبطل يعمل أصوات
الحنون
زيزوومى محترف
غير متصل
متيم اسعد الله مسائك اخي العزيز اليك هذه الأدوات متخصصة في القضاء على الفيروسات التي من النوع هذا
حملها وابحث وان شاء الله تدعيلي
.....
حمل هذه الادوات
حمل هذه الادوات
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
او جرب جميع الادوات هنا متخصصة
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
او جرب هذه الأدوات
من
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
جربها وعطني النتيجة تقبل ارق تحية قلبية
توقيع : الحنون
الحنون
زيزوومى محترف
غير متصل
الله يبارك فيك ويسلمك
حمل الملف هذا وقم بتشغيله ... لحظات وينعاد تشغيل الجهاز تلقائيا
بعد اعادة التشغيل ... يظهر لك تقرير انسخه والصقه بردك القادم
حمل الملف هذا وقم بتشغيله ... لحظات وينعاد تشغيل الجهاز تلقائيا
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
بعد اعادة التشغيل ... يظهر لك تقرير انسخه والصقه بردك القادم
إن شاء الله حااااااااضرررررر
التقرير هو
Logfile of The Avenger Version 2.0, (c) by Swandog46
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File "C:\MicroSoft.bat" deleted successfully.
File "C:\MicroSoft.vbs" deleted successfully.
File "C:\WINDOWS\iun6002.exe" deleted successfully.
File "C:\WINDOWS\AppPatch\AcXtrnel.dll" deleted successfully.
File "C:\WINDOWS\AppPatch\Jview.dll" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
هايجاك
Logfile of HijackThis v1.99.1
Scan saved at 09:08:04 م, on 09/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\Administrator\My Documents\Downloads\Compressed\hijackthis_199\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com/
O17 - HKLM\System\CCS\Services\Tcpip\..\{50E0AD2F-0962-4845-9C0D-FA3B9F6172CD}: NameServer = 127.0.0.1,213.131.66.246
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\~1\WINDOW~1\wbsrv.dll
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Logfile of The Avenger Version 2.0, (c) by Swandog46
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File "C:\MicroSoft.bat" deleted successfully.
File "C:\MicroSoft.vbs" deleted successfully.
File "C:\WINDOWS\iun6002.exe" deleted successfully.
File "C:\WINDOWS\AppPatch\AcXtrnel.dll" deleted successfully.
File "C:\WINDOWS\AppPatch\Jview.dll" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
هايجاك
Logfile of HijackThis v1.99.1
Scan saved at 09:08:04 م, on 09/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\Administrator\My Documents\Downloads\Compressed\hijackthis_199\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com/
O17 - HKLM\System\CCS\Services\Tcpip\..\{50E0AD2F-0962-4845-9C0D-FA3B9F6172CD}: NameServer = 127.0.0.1,213.131.66.246
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\~1\WINDOW~1\wbsrv.dll
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe