هل جهازي مهكر ..

[سامر الليل]

السلام عليكم ورحمة الله وبركاته
الرجاء المساعدة
اذا فتحت ادارة المهام العمليات تطلع لي الشاشة هكذا .. هل جهازي مهكر ؟

 

[dяăģôŋ]

الاحتمالات كثيره اخوى
والافضل نتاكد

عطل برامج الحمايه
حمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
--------------------------------------------
( 2 )
واعمل تقرير للهايجاك

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم​

 

[سامر الليل]

تقرير اداة الفحص

ComboFix 08-09-10.04 - ميدو 09/11/2008 13:59:37.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1256.1.1025.18.471 [GMT 3:00]
Running from: C:\Users\ميدو\Documents\Downloads\Programs\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\kakle.dll
C:\Windows\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2008-08-11 to 2008-09-11 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-11 11:04 --------- d-----w C:\Users\ميدو\AppData\Roaming\DMCache
2008-09-11 00:05 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-10 04:35 --------- d-----w C:\Program Files\Opera
2008-09-10 04:33 --------- d-----w C:\Program Files\SweetIM
2008-09-10 04:32 --------- d-----w C:\Program Files\Trillian
2008-09-08 20:14 --------- d-----w C:\Users\ميدو\AppData\Roaming\Avant Profiles
2008-09-08 20:14 --------- d-----w C:\Program Files\Avant Browser
2008-09-08 20:08 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-09-08 00:45 --------- d-----w C:\Program Files\MessengerDiscovery
2008-09-08 00:30 --------- d-----w C:\Program Files\Windows Live
2008-09-08 00:19 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-07 23:58 --------- d-----w C:\ProgramData\WLInstaller
2008-09-07 21:39 --------- d-----w C:\ProgramData\SweetIM
2008-09-07 21:24 --------- d-----w C:\Users\ميدو\AppData\Roaming\Thinstall
2008-09-07 20:13 --------- d-----w C:\Users\ميدو\AppData\Roaming\IDM
2008-09-07 05:30 --------- d-----w C:\Users\ميدو\AppData\Roaming\zyzprivacy
2008-09-07 03:04 737,280 ----a-w C:\Windows\iun6002.exe
2008-09-06 23:16 --------- d-----w C:\Users\ميدو\AppData\Roaming\CyberScrub
2008-09-06 22:43 --------- d-----w C:\ProgramData\Avira
2008-09-06 17:29 71,464 ----a-w C:\Windows\system32\drivers\avfwim.sys
2008-09-06 17:29 66,176 ----a-w C:\Windows\system32\drivers\avfwot.sys
2008-09-06 16:54 --------- d-----w C:\Program Files\Avira
2008-09-06 05:23 --------- d-----w C:\Program Files\MSBuild
2008-09-06 05:23 --------- d-----w C:\Program Files\Microsoft Works
2008-09-06 05:20 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-06 05:17 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-09-06 04:41 --------- d-----w C:\Program Files\YCIII
2008-09-06 04:37 155,995 ----a-w C:\Windows\Java\Packages\IAR7DBRR.ZIP
2008-09-06 03:44 --------- d-----w C:\Program Files\Common Files\Windows Live
2008-09-05 21:03 --------- d-----w C:\Program Files\Cain
2008-09-05 19:37 --------- d-----w C:\Program Files\Frameworkx
2008-09-05 18:57 --------- d-----w C:\Users\ميدو\AppData\Roaming\Paltalk
2008-09-05 18:57 --------- d-----w C:\Program Files\VideoLAN
2008-09-05 18:57 --------- d-----w C:\Program Files\Paltalk Messenger
2008-09-05 18:41 --------- d-----w C:\Program Files\Quran 4.0
2008-09-05 04:40 268,800 ----a-w C:\Windows\System32\es.dll
2008-09-05 04:38 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-09-04 20:51 --------- d-----w C:\Users\ميدو\AppData\Roaming\.wyzo
2008-09-04 08:02 174 --sha-w C:\Program Files\desktop.ini
2008-09-04 07:57 --------- d-----w C:\Program Files\Windows Mail
2008-09-04 07:57 --------- d-----w C:\Program Files\Windows Calendar
2008-09-04 07:56 --------- d-----w C:\Program Files\Windows Defender
2008-09-04 07:43 61,440 ----a-w C:\Windows\System32\winipsec.dll
2008-09-04 07:43 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-09-04 07:43 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll
2008-09-04 07:43 272,896 ----a-w C:\Windows\System32\polstore.dll
2008-09-04 07:41 8,192 ----a-w C:\Windows\System32\riched32.dll
2008-09-04 07:41 77,824 ----a-w C:\Windows\System32\rascfg.dll
2008-09-04 07:41 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2008-09-04 07:41 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-09-04 07:41 22,016 ----a-w C:\Windows\System32\rasser.dll
2008-09-04 07:41 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-09-04 07:39 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-09-04 07:39 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-09-04 07:39 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-09-04 07:36 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-09-04 07:36 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-09-04 07:36 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-09-04 07:36 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-09-04 07:36 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-09-04 07:36 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-09-04 07:36 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-09-04 07:36 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-09-04 07:36 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-09-04 07:36 2,923,520 ----a-w C:\Windows\explorer.exe
2008-09-04 07:34 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-09-04 07:34 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-09-04 07:32 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-09-04 07:32 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-09-04 07:25 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-09-04 07:25 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-09-04 07:24 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-09-04 07:22 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-09-04 07:20 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-09-04 07:19 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-09-04 07:19 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-09-04 07:19 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-09-04 07:19 356,864 ----a-w C:\Windows\System32\MediadataHandler.dll
2008-09-04 07:18 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-09-04 07:18 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-09-04 07:18 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-09-04 07:18 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-09-04 07:18 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-09-04 07:18 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-09-04 07:18 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-09-04 07:18 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-09-04 07:18 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-09-04 07:15 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-09-04 07:15 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-09-04 07:15 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-09-04 07:15 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-09-04 07:15 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-09-04 07:15 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-09-04 07:15 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-09-04 07:15 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-09-04 07:15 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-09-04 07:14 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-09-04 07:14 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-09-04 07:13 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-09-04 07:13 8,704 ----a-w C:\Windows\System32\hccoin.dll
2001-09-11 16:13 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2001-09-11 16:13 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\.IE5\index.dat
2001-09-11 16:13 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\s\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [09/04/2008 09:13 AM 1232896]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/28/2008 10:02 PM 2610608]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 03:33 PM 201728]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/04/2008 06:41 AM 185896]
"SlipStream"="C:\Program Files\ONSPEED\onspeedcore.exe" [10/19/2007 05:50 AM 344064]
"avgnt"="C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" [09/06/2008 08:29 PM 262401]
"SoundMan"="SOUNDMAN.EXE" [03/09/2007 04:28 PM 598016 C:\Windows\SOUNDMAN.EXE]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
ONSPEED.lnk - C:\Program Files\ONSPEED\onspeedgui.exe [2008-09-04 229376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 08/24/2007 07:00 AM 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 10/18/2007 11:34 AM 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E70B8417-B77D-4EC3-840A-278C3163875F}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{8B45A62E-2471-4F1F-AD07-FE844B093400}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{09A3C406-1725-4940-B2B1-1A8FC2F011E9}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{924CAEA9-3DFC-418C-A18D-350E0E0208B3}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DB325F1A-F4D2-4871-A0B3-52D95900D869}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FD5131B3-3EEC-4A65-8BE1-36ECD94E5065}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{ACF5F5AA-C5B6-4A49-B8F2-C9C6F96C492B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F53E70FC-98D9-4602-BCDA-904017EDCA44}"= Disabled:UDP:C:\Users\ميدو\AppData\Local\Temp\ImInstaller\HiYo_Installer.exe:IncrediMail Installer
"{27A82DAA-04F4-4722-8361-ED9200C411DC}"= Disabled:TCP:C:\Users\ميدو\AppData\Local\Temp\ImInstaller\HiYo_Installer.exe:IncrediMail Installer
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 avfwot;avfwot;C:\Windows\system32\DRIVERS\avfwot.sys [09/06/2008 08:29 PM 66176]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe [09/06/2008 08:29 PM 344321]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe [09/06/2008 08:29 PM 164097]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE [09/06/2008 08:29 PM 254209]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe [09/06/2008 08:29 PM 41217]
R3 avfwim;AvFw Packet Filter Miniport;C:\Windows\system32\DRIVERS\avfwim.sys [09/06/2008 08:29 PM 71464]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f04d423-7a2a-11dd-993e-001c25de5d67}]
\shell\AutoRun\command - G:\njibyekk.com
\shell\explore\Command - G:\njibyekk.com
\shell\open\Command - G:\njibyekk.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9881d040-7a29-11dd-bf17-806e6f6e6963}]
\shell\AutoRun\command - F:\setup.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
s of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\ميدو\AppData\Roaming\Mozilla\Firefox\Profiles\swbu5oop.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-09-11 14:04:08
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 09/11/2008 14:05:48
ComboFix-quarantined-files.txt 2008-09-11 11:05:40
Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 16,163,323,904 bytes free
202 --- E O F --- 2008-09-11 00:07:18
​

 

[dяăģôŋ]

شغلت الاداة الأولى وطلع لي هالمربع

ضغطت موافق اختفت الاداة !!

تاكد انك مقفل برنامج الحمايه اولا ونزل الاداة مره اخرى

واذا عندك فيستا

رايت كلك على الاداة واختر تشغيل كمسؤل​

 

[سامر الليل]

تقرير الهايجاك


Logfile of HijackThis v1.99.1
Scan saved at 02:17:17 م, on 11/09/08
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\ONSPEED\onspeedcore.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ONSPEED\onspeedgui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Users\DEA5~1\AppData\Local\Temp\Rar$EX00.516\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5405
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll
O2 - BHO: Prefetch - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files\ONSPEED\Prefetch.dll
O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\Toolband.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\ONSPEED\onspeedcore.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: ONSPEED.lnk = C:\Program Files\ONSPEED\onspeedgui.exe
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\ONSPEED\gui_resource.dll/327
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\ONSPEED\gui_resource.dll/328
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

 

[dяăģôŋ]

حدد التالى

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O11 - Options group: [INTERNATIONAL] International*

O13 - Gopher Prefix

نزل الاداة هذى

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

دبل كلك على الاداة تظهر لك الشاشة التالية

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

قم باختيار مايناسبك وتريد مسحه ثم اضغط OK










بتنظار النتائج​