First, I thank everyone who replied, and may God reward you all.
--------------------------\\\ Start Report Of HijackThis ---------------
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:16 م, on 15/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\xxx\LOCALS~1\Temp\bntoz\runn.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\xxx\LOCALS~1\Temp\bntoz\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVP] "c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [CAMP SHIM EXIT HECK] C:\Documents and Settings\All Users\Application Data\That Face Camp Shim\Tray one.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [GPL DRV] C:\DOCUME~1\xxx\APPLIC~1\BIRDLI~1\Poll Does.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 3496 bytes
.
.
--------------------------\\\ End Report Of Of HijackThis ---------------
.
.
.
.
--------------------------\\\ Start Report Of Running Processes ---------------
.
==================================================
Process Name : smss.exe
ProcessID : 832
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Session Manager
Company : Microsoft Corporation
Window Title :
File Size : 50,688
File Created Date : 18/06/1425 09:00:00 ص
File Modified Date : 18/06/1425 09:00:00 ص
Filename : C:\WINDOWS\System32\smss.exe
Base Address : 0x48580000
Created On : 11/06/1429 12:10:02 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 372 K
Mem Usage Peak : 464 K
Page Faults : 212
Pagefile Usage : 164 K
Pagefile Peak Usage : 1640 K
File Attributes : A
==================================================
==================================================
Process Name : csrss.exe
ProcessID : 940
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Client Server Runtime Process
Company : Microsoft Corporation
Window Title :
File Size : 6,144
File Created Date : 18/06/1425 09:00:00 ص
File Modified Date : 18/06/1425 09:00:00 ص
Filename : C:\WINDOWS\system32\csrss.exe
Base Address : 0x4A680000
Created On : 11/06/1429 12:10:32 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4440 K
Mem Usage Peak : 5308 K
Page Faults : 4524
Pagefile Usage : 1868 K
Pagefile Peak Usage : 4592 K
File Attributes : A
==================================================
==================================================
Process Name : winlogon.exe
ProcessID : 964
Priority : High
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Logon Application
Company : Microsoft Corporation
Window Title :
File Size : 501,248
File Created Date : 18/06/1425 09:00:00 ص
File Modified Date : 18/06/1425 09:00:00 ص
Filename : C:\WINDOWS\system32\winlogon.exe
Base Address : 0x01000000
Created On : 11/06/1429 12:10:33 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 3904 K
Mem Usage Peak : 12916 K
Page Faults : 5771
Pagefile Usage : 6492 K
Pagefile Peak Usage : 8332 K
File Attributes : A
==================================================
==================================================
Process Name : services.exe
ProcessID : 1008
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Services and Controller app
Company : Microsoft Corporation
Window Title :
File Size : 108,032
File Created Date : 18/06/1425 09:00:00 ص
File Modified Date : 18/06/1425 09:00:00 ص
Filename : C:\WINDOWS\system32\services.exe
Base Address : 0x01000000
Created On : 11/06/1429 12:10:35 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 3992 K
Mem Usage Peak : 4180 K
Page Faults : 1511
Pagefile Usage : 2040 K
Pagefile Peak Usage : 2432 K
File Attributes : A
==================================================
==================================================
Process Name : lsass.exe
ProcessID : 1020
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : LSA Shell (Export Version)
Company : Microsoft Corporation
Window Title :
File Size : 13,312
File Created Date : 18/06/1425 09:00:00 ص
File Modified Date : 18/06/1425 09:00:00 ص
Filename : C:\WINDOWS\system32\lsass.exe
Base Address : 0x01000000
Created On : 11/06/1429 12:10:35 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1532 K
Mem Usage Peak : 6024 K
Page Faults : 2017
Pagefile Usage : 3904 K
Pagefile Peak Usage : 4016 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1172
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 09:00:00 ص
File Modified Date : 18/06/1425 09:00:00 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 11/06/1429 12:10:36 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4868 K
Mem Usage Peak : 4916 K
Page Faults : 1334
Pagefile Usage : 3220 K
Pagefile Peak Usage : 23472 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1264
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 09:00:00 ص
File Modified Date : 18/06/1425 09:00:00 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 11/06/1429 12:10:37 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 4088 K
Mem Usage Peak : 4088 K
Page Faults : 1151
Pagefile Usage : 1888 K
Pagefile Peak Usage : 1900 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1416
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 09:00:00 ص
File Modified Date : 18/06/1425 09:00:00 ص
Filename : C:\WINDOWS\System32\svchost.exe
Base Address : 0x01000000
Created On : 11/06/1429 12:10:38 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 21584 K
Mem Usage Peak : 24792 K
Page Faults : 11209
Pagefile Usage : 13824 K
Pagefile Peak Usage : 18520 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1480
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 09:00:00 ص
File Modified Date : 18/06/1425 09:00:00 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 11/06/1429 12:10:38 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 3240 K
Mem Usage Peak : 3384 K
Page Faults : 1103
Pagefile Usage : 1404 K
Pagefile Peak Usage : 1564 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1600
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 09:00:00 ص
File Modified Date : 18/06/1425 09:00:00 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 11/06/1429 12:10:39 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 4388 K
Mem Usage Peak : 4404 K
Page Faults : 1158
Pagefile Usage : 1880 K
Pagefile Peak Usage : 1928 K
File Attributes : A
==================================================
==================================================
Process Name : spoolsv.exe
ProcessID : 1832
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Spooler SubSystem App
Company : Microsoft Corporation
Window Title :
File Size : 57,856
File Created Date : 18/06/1425 09:00:00 ص
File Modified Date : 18/06/1425 09:00:00 ص
Filename : C:\WINDOWS\system32\spoolsv.exe
Base Address : 0x01000000
Created On : 11/06/1429 12:10:41 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4472 K
Mem Usage Peak : 4516 K
Page Faults : 1267
Pagefile Usage : 3288 K
Pagefile Peak Usage : 3440 K
File Attributes : A
==================================================
==================================================
Process Name : Explorer.EXE
ProcessID : 288
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Explorer
Company : Microsoft Corporation
Window Title : Program Manager
File Size : 1,029,632
File Created Date : 18/06/1425 09:00:00 ص
File Modified Date : 18/06/1425 09:00:00 ص
Filename : C:\WINDOWS\Explorer.EXE
Base Address : 0x01000000
Created On : 11/06/1429 12:10:50 م
Visible Windows : 2
Hidden Windows : 19
User Name : XXX-02C3F535C48\xxx
Mem Usage : 26452 K
Mem Usage Peak : 27276 K
Page Faults : 10671
Pagefile Usage : 17588 K
Pagefile Peak Usage : 20952 K
File Attributes : A
==================================================
==================================================
Process Name : avp.exe
ProcessID : 380
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 7.0.0.125
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title :
File Size : 218,376
File Created Date : 13/06/1428 09:51:38 ص
File Modified Date : 13/06/1428 09:51:38 ص
Filename : c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
Base Address : 0x00400000
Created On : 11/06/1429 12:10:51 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 24380 K
Mem Usage Peak : 59724 K
Page Faults : 106229
Pagefile Usage : 45252 K
Pagefile Peak Usage : 78260 K
File Attributes : A
==================================================
==================================================
Process Name : avp.exe
ProcessID : 776
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 7.0.0.125
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title : Kaspersky Internet Security 7.0
File Size : 218,376
File Created Date : 13/06/1428 09:51:38 ص
File Modified Date : 13/06/1428 09:51:38 ص
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
Base Address : 0x00400000
Created On : 11/06/1429 12:10:57 م
Visible Windows : 1
Hidden Windows : 4
User Name : XXX-02C3F535C48\xxx
Mem Usage : 3716 K
Mem Usage Peak : 8532 K
Page Faults : 10569
Pagefile Usage : 6440 K
Pagefile Peak Usage : 6560 K
File Attributes : A
==================================================
==================================================
Process Name : realsched.exe
ProcessID : 812
Priority : Normal
Product Name : RealPlayer (32-bit)
Version : 0.1.0.4279
Description : RealNetworks Scheduler
Company : RealNetworks, Inc.
Window Title :
File Size : 185,896
File Created Date : 10/06/1429 03:46:06 م
File Modified Date : 10/06/1429 03:46:08 م
Filename : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Base Address : 0x00400000
Created On : 11/06/1429 12:10:57 م
Visible Windows : 0
Hidden Windows : 1
User Name : XXX-02C3F535C48\xxx
Mem Usage : 280 K
Mem Usage Peak : 2592 K
Page Faults : 3444
Pagefile Usage : 968 K
Pagefile Peak Usage : 1004 K
File Attributes : A
==================================================
==================================================
Process Name : MsnMsgr.Exe
ProcessID : 824
Priority : Normal
Product Name : Messenger
Version : 8.5.1288.0816
Description : Windows Live Messenger
Company : Microsoft Corporation
Window Title :
File Size : 5,728,112
File Created Date : 03/08/1428 01:19:34 م
File Modified Date : 03/08/1428 01:19:34 م
Filename : C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
Base Address : 0x00400000
Created On : 11/06/1429 12:10:57 م
Visible Windows : 1
Hidden Windows : 25
User Name : XXX-02C3F535C48\xxx
Mem Usage : 6608 K
Mem Usage Peak : 56476 K
Page Faults : 40841
Pagefile Usage : 28116 K
Pagefile Peak Usage : 35704 K
File Attributes : A
==================================================
==================================================
Process Name : GoogleToolbarNotifier.exe
ProcessID : 856
Priority : Normal
Product Name : GoogleToolbarNotifier
Version : 1, 2, 1128, 5462
Description : GoogleToolbarNotifier
Company : Google Inc.
Window Title :
File Size : 171,448
File Created Date : 10/06/1429 03:44:43 م
File Modified Date : 10/06/1429 03:44:44 م
Filename : C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
Base Address : 0x00400000
Created On : 11/06/1429 12:10:58 م
Visible Windows : 0
Hidden Windows : 2
User Name : XXX-02C3F535C48\xxx
Mem Usage : 1980 K
Mem Usage Peak : 4624 K
Page Faults : 1660
Pagefile Usage : 2772 K
Pagefile Peak Usage : 2788 K
File Attributes : A
==================================================
==================================================
Process Name : iexplore.exe
ProcessID : 896
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title :
File Size : 93,184
File Created Date : 10/06/1429 02:14:51 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\Program Files\Internet Explorer\iexplore.exe
Base Address : 0x00400000
Created On : 11/06/1429 12:10:58 م
Visible Windows : 0
Hidden Windows : 1
User Name : XXX-02C3F535C48\xxx
Mem Usage : 13112 K
Mem Usage Peak : 13212 K
Page Faults : 15706
Pagefile Usage : 28300 K
Pagefile Peak Usage : 28320 K
File Attributes : A
==================================================
==================================================
Process Name : iexplore.exe
ProcessID : 1084
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title :
File Size : 93,184
File Created Date : 10/06/1429 02:14:51 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\Program Files\Internet Explorer\iexplore.exe
Base Address : 0x00400000
Created On : 11/06/1429 12:10:59 م
Visible Windows : 0
Hidden Windows : 1
User Name : XXX-02C3F535C48\xxx
Mem Usage : 8664 K
Mem Usage Peak : 8676 K
Page Faults : 2249
Pagefile Usage : 19452 K
Pagefile Peak Usage : 19452 K
File Attributes : A
==================================================
==================================================
Process Name : alg.exe
ProcessID : 1564
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Application Layer Gateway Service
Company : Microsoft Corporation
Window Title :
File Size : 44,544
File Created Date : 18/06/1425 09:00:00 ص
File Modified Date : 18/06/1425 09:00:00 ص
Filename : C:\WINDOWS\System32\alg.exe
Base Address : 0x01000000
Created On : 11/06/1429 12:11:19 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 3356 K
Mem Usage Peak : 3364 K
Page Faults : 870
Pagefile Usage : 1212 K
Pagefile Peak Usage : 1224 K
File Attributes : A
==================================================
==================================================
Process Name : iexplore.exe
ProcessID : 3204
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title : الى من يشكك في قاضينـــآ - منتديات ولايف - Microsoft Internet Explorer
File Size : 93,184
File Created Date : 10/06/1429 02:14:51 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\Program Files\Internet Explorer\iexplore.exe
Base Address : 0x00400000
Created On : 11/06/1429 12:11:55 م
Visible Windows : 1
Hidden Windows : 15
User Name : XXX-02C3F535C48\xxx
Mem Usage : 1792 K
Mem Usage Peak : 40180 K
Page Faults : 39381
Pagefile Usage : 34736 K
Pagefile Peak Usage : 37712 K
File Attributes : A
==================================================
==================================================
Process Name : iexplore.exe
ProcessID : 3968
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title : زيزوووم للأمن والحمايه - الرد على المشاركة - Microsoft Internet Explorer
File Size : 93,184
File Created Date : 10/06/1429 02:14:51 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\Program Files\Internet Explorer\iexplore.exe
Base Address : 0x00400000
Created On : 11/06/1429 12:13:01 م
Visible Windows : 2
Hidden Windows : 28
User Name : XXX-02C3F535C48\xxx
Mem Usage : 10868 K
Mem Usage Peak : 28896 K
Page Faults : 29680
Pagefile Usage : 23772 K
Pagefile Peak Usage : 27768 K
File Attributes : A
==================================================
==================================================
Process Name : runn.exe
ProcessID : 2972
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 71,680
File Created Date : 11/06/1429 09:17:03 ص
File Modified Date : 23/01/1429 10:24:26 م
Filename : C:\DOCUME~1\xxx\LOCALS~1\Temp\bntoz\runn.exe
Base Address : 0x00400000
Created On : 11/06/1429 12:17:03 م
Visible Windows : 0
Hidden Windows : 0
User Name : XXX-02C3F535C48\xxx
Mem Usage : 1976 K
Mem Usage Peak : 1992 K
Page Faults : 567
Pagefile Usage : 700 K
Pagefile Peak Usage : 768 K
File Attributes : A
==================================================
==================================================
Process Name : cmd.exe
ProcessID : 2984
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Command Processor
Company : Microsoft Corporation
Window Title :
File Size : 388,608
File Created Date : 18/06/1425 09:00:00 ص
File Modified Date : 18/06/1425 09:00:00 ص
Filename : C:\WINDOWS\system32\cmd.exe
Base Address : 0x4AD00000
Created On : 11/06/1429 12:17:04 م
Visible Windows : 0
Hidden Windows : 1
User Name : XXX-02C3F535C48\xxx
Mem Usage : 2708 K
Mem Usage Peak : 2776 K
Page Faults : 770
Pagefile Usage : 2072 K
Pagefile Peak Usage : 2148 K
File Attributes : A
==================================================
==================================================
Process Name : wmiprvse.exe
ProcessID : 3420
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 10/06/1429 02:12:59 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 11/06/1429 12:17:08 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 5440 K
Mem Usage Peak : 5440 K
Page Faults : 1391
Pagefile Usage : 2924 K
Pagefile Peak Usage : 2924 K
File Attributes : A
==================================================
==================================================
Process Name : CProcess.exe
ProcessID : 3696
Priority : Normal
Product Name : CurrProcess
Version : 1.11
Description : CurrProcess
Company : NirSoft
Window Title :
File Size : 35,840
File Created Date : 11/06/1429 09:17:02 ص
File Modified Date : 08/06/1426 04:46:34 ص
Filename : C:\DOCUME~1\xxx\LOCALS~1\Temp\bntoz\CProcess.exe
Base Address : 0x00400000
Created On : 11/06/1429 12:17:16 م
Visible Windows : 0
Hidden Windows : 0
User Name : XXX-02C3F535C48\xxx
Mem Usage : 2012 K
Mem Usage Peak : 2072 K
Page Faults : 730
Pagefile Usage : 904 K
Pagefile Peak Usage : 968 K
File Attributes : A
==================================================
.
.
--------------------------\\\ End Report Of Running Processes ---------------
.
.
.
.
--------------------------\\\ Windows XP Startup List ---------------
.
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
autocheck autochk *
Auto Check Utility
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\autochk.exe
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
rdpclip
rdpclip
RDP Clip Monitor
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
Userinit Logon Application
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Explorer.exe
Explorer.exe
Windows Explorer
Microsoft Corporation
6.00.2900.2180
c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AVP
"c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
Kaspersky Anti-Virus
Kaspersky Lab
7.00.0000.0125
c:\program files\kaspersky lab\kaspersky internet security 7.0\avp.exe
CAMP SHIM EXIT HECK
C:\Documents and Settings\All Users\Application Data\That Face Camp Shim\Tray one.exe
c:\documents and settings\all users\application data\that face camp shim\tray one.exe
TkBellExe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
RealNetworks Scheduler
RealNetworks, Inc.
0.01.0000.4279
c:\program files\common files\real\update_ob\realsched.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
Windows Live Messenger
Microsoft Corporation
8.05.1288.0816
c:\program files\windows live\messenger\msnmsgr.exe
GPL DRV
C:\DOCUME~1\xxx\APPLIC~1\BIRDLI~1\Poll Does.exe
c:\documents and settings\xxx\application data\bird live rect\poll does.exe
swg
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
GoogleToolbarNotifier
Google Inc.
1.02.1128.5462
c:\program files\google\googletoolbarnotifier\1.2.1128.5462\googletoolbarnotifier.exe
Task Scheduler
AAE0A553918F5A07.job
c:\docume~1\xxx\applic~1\birdli~1\RealBikeBait.exe
c:\documents and settings\xxx\application data\bird live rect\realbikebait.exe
.
This is a report