afalcon8
زيزوومي نشيط
غير متصل
- بادئ الموضوع afalcon8
- تاريخ البدء
- 955
الديبلوماسي
زيزوومى فضى
غير متصل
يالغالي :
الظاهر مالها إلى فورمات والله أعلم .
لكن أنصحك بالباك 3 ، شوف لك نسخه غير معدله وان شاء الله مامنها مشاكل أبد .
فيها تحديثات وترقيعات أمنيه مهمه للمستخدم .
وعلمنا وش هي مشاكلك الحين مع الباك 3 ؟؟
توقيع : الديبلوماسي
تأييد
0
afalcon8
زيزوومي نشيط
غير متصل
الله يعطيك العافيه ياالنشمي
عندي الاكسبلور ماني قادر اخليه عربي
واخوك في الانجليزي ميح
القرص المحلي d ما طلع مع الفرمته
البريد ماني قادر افتحه مع العلم إني بقية الايميلات ادخلها بدون مشاكل
الساعه والتاريخ اعدلهم بدون ما يتغير في الساعه شىء
وتبقى مثل ماهي على الوقت إللي سويته
واشكرك اخي الكريم على بادرتك
عندي الاكسبلور ماني قادر اخليه عربي
واخوك في الانجليزي ميح
القرص المحلي d ما طلع مع الفرمته
البريد ماني قادر افتحه مع العلم إني بقية الايميلات ادخلها بدون مشاكل
الساعه والتاريخ اعدلهم بدون ما يتغير في الساعه شىء
وتبقى مثل ماهي على الوقت إللي سويته
واشكرك اخي الكريم على بادرتك
توقيع : afalcon8
تأييد
0
الديبلوماسي
زيزوومى فضى
غير متصل
حياك .. ياخي مشكلتك بسيطه ان شاء الله والخبرا موجودين بالمنتدى ، وان شاء الله مايقصرون .
..
الحين طبق هذا ، وانتظر الشباب << راح يتعشا حياك :d:
حمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
توقيع : الديبلوماسي
تأييد
0
afalcon8
زيزوومي نشيط
غير متصل
هذا التقرير اخي الكريم
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:00, on 18/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7915 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:00, on 18/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7915 bytes
توقيع : afalcon8
تأييد
0
بعد أذن الغالي ابو ريما
أعمل التالي
عطل جميع برامج الحمايه >>> تأكد من وقت وتاريخ الجهاز
>>> لاتغير اسم الاداة واحفظها على سطح المكتب
وحمل هذه الاداة واحفظها على سطح المكتب
أو
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
وبعدها هات هايجاك جديد لا هنت
أعمل التالي
عطل جميع برامج الحمايه >>> تأكد من وقت وتاريخ الجهاز
>>> لاتغير اسم الاداة واحفظها على سطح المكتب
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
أو
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
وبعدها هات هايجاك جديد لا هنت
توقيع : أعتز بك
تأييد
0
afalcon8
زيزوومي نشيط
غير متصل
اعتز بك
الله لا يحرمنا وجودك ياطيب
وهذا التقرير
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:23:47, on 19/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 8211 bytes
الله لا يحرمنا وجودك ياطيب
وهذا التقرير
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:23:47, on 19/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 8211 bytes
توقيع : afalcon8
تأييد
0
الديبلوماسي
زيزوومى فضى
غير متصل
يالغلااا :
اعذرني تأخرت ، المشرف ماطلب منك هالتقرير .
الحين طلبي أنا غير ، وطلبه غير .
طلبي أنا للتقرير هذا اللي انت حطيته ، وهو طلب تقرير الكومبوفكس ..
انت حمل الأداة اللي برد المشرف ، وشغله حسب التعليمات وعطنا التقرير .
اعذرني تأخرت ، المشرف ماطلب منك هالتقرير .
الحين طلبي أنا غير ، وطلبه غير .
طلبي أنا للتقرير هذا اللي انت حطيته ، وهو طلب تقرير الكومبوفكس ..
انت حمل الأداة اللي برد المشرف ، وشغله حسب التعليمات وعطنا التقرير .
توقيع : الديبلوماسي
تأييد
0
afalcon8
زيزوومي نشيط
غير متصل
اهلين ديبلوماسي
صباح الخير
اتفضل هذا التقرير
ComboFix 09-05-18.02 - PC - DISKTOP 05/19/2009 9:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.511.186 [GMT 3:00]
Running from: c:\documents and settings\PC - DISKTOP\My Documents\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\regedit.com
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\taskmgr.com
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((( Files Created from 2009-04-19 to 2009-05-19 )))))))))))))))))))))))))))))))
.
2009-05-19 04:23 . 2009-05-19 04:23 -------- d-----w c:\documents and settings\PC - DISKTOP\.jpi_cache
2009-05-19 04:23 . 2009-05-19 04:23 -------- d-----w c:\documents and settings\PC - DISKTOP\.java
2009-05-19 02:18 . 2008-04-14 02:42 53760 ----a-w c:\windows\system32\dllcache\vfwwdm32.dll
2009-05-19 02:18 . 2008-04-14 02:42 53760 ----a-w c:\windows\system32\vfwwdm32.dll
2009-05-19 02:16 . 2004-08-09 14:43 94208 ----a-w c:\windows\amcap.exe
2009-05-19 02:16 . 2005-11-04 12:05 90112 ----a-w c:\windows\tsnpstd3.exe
2009-05-19 02:16 . 2006-09-19 06:07 827392 ----a-w c:\windows\vsnpstd3.exe
2009-05-19 02:16 . 2007-03-27 15:19 10252544 ----a-w c:\windows\system32\drivers\snpstd3.sys
2009-05-19 02:16 . 2005-09-12 14:48 61440 ----a-w c:\windows\system32\rsnpstd3.dll
2009-05-19 02:16 . 2005-11-23 09:55 53248 ----a-w c:\windows\system32\csnpstd3.dll
2009-05-19 02:16 . 2007-03-12 08:41 61440 ----a-w c:\windows\system32\vsnpstd3.dll
2009-05-19 02:16 . 2004-12-08 15:40 20480 ----a-w c:\windows\usnpstd3.exe
2009-05-19 02:16 . 2009-05-19 02:16 -------- d-----w c:\program files\Common Files\snpstd3
2009-05-19 02:15 . 2005-10-03 08:23 20480 ------w c:\windows\CameraFixer.exe
2009-05-18 21:34 . 2009-05-18 21:34 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-05-18 20:13 . 2009-05-18 20:13 -------- d-----w c:\documents and settings\PC - DISKTOP\Application Data\TuneUp Software
2009-05-18 20:13 . 2009-05-18 20:13 306432 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-05-18 20:13 . 2007-12-20 07:41 29440 ----a-w c:\windows\system32\uxtuneup.dll
2009-05-18 20:12 . 2009-05-18 20:12 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-05-18 20:12 . 2009-05-18 20:13 -------- d-----w c:\program files\TuneUp Utilities 2008
2009-05-18 19:49 . 2006-07-22 20:49 5376 ----a-w c:\windows\system32\antiwpa.dll
2009-05-18 19:10 . 2009-05-18 19:10 -------- d--h--w c:\windows\system32\GroupPolicy
2009-05-18 18:23 . 2009-05-18 18:23 -------- d-----w c:\program files\Trend Micro
2009-05-18 18:17 . 2009-05-18 18:18 -------- d-----w c:\windows\system32\NtmsData
2009-05-18 17:54 . 2009-05-18 17:54 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-05-18 17:29 . 2009-05-18 17:29 -------- d-----w c:\program files\Common Files\Adobe
2009-05-18 17:20 . 2009-05-18 17:20 -------- d-----w c:\windows\system32\xircom
2009-05-18 17:20 . 2009-05-18 17:20 -------- d-----w c:\program files\microsoft frontpage
2009-05-18 17:08 . 2008-04-14 12:00 135680 ----a-w c:\windows\system32\T.COM
2009-05-18 17:08 . 2008-04-14 12:00 146432 ----a-w c:\windows\R.COM
2009-05-18 16:51 . 2009-05-18 16:51 -------- d-----w c:\documents and settings\PC - DISKTOP\Application Data\zzMicroWorld_Anti_Virus
2009-05-18 09:56 . 2008-04-13 22:41 21504 ----a-w c:\windows\system32\hidserv.dll
2009-05-18 09:56 . 2008-04-13 17:09 14592 ----a-w c:\windows\system32\drivers\kbdhid.sys
2009-05-18 09:55 . 2009-05-18 09:55 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-18 09:52 . 2009-05-18 09:52 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-05-17 10:37 . 2009-05-18 17:28 -------- d-----w c:\documents and settings\PC - DISKTOP\Local Settings\Application Data\Adobe
2009-05-17 09:43 . 2009-05-17 09:43 -------- d-----w c:\documents and settings\PC - DISKTOP\.javaws
2009-05-17 09:43 . 2009-05-17 09:43 -------- d-----w c:\program files\Java Web Start
2009-05-17 09:43 . 2009-05-17 09:43 -------- d-----w c:\program files\Java
2009-05-17 09:43 . 2009-05-18 07:20 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-17 09:42 . 2009-05-19 02:15 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-16 21:27 . 2008-10-16 11:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-05-16 21:21 . 2009-05-16 21:21 -------- d-----w c:\documents and settings\PC - DISKTOP\Application Data\HP
2009-05-16 21:21 . 2009-05-16 21:21 -------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-05-16 21:20 . 2009-05-16 21:20 -------- d-----w c:\program files\Common Files\HP
2009-05-16 21:18 . 2009-05-16 21:19 -------- d-----w c:\program files\Hewlett-Packard
2009-05-16 21:18 . 2009-05-16 21:18 -------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-05-16 21:17 . 2006-04-12 10:04 16496 ----a-r c:\windows\system32\drivers\HPZipr12.sys
2009-05-16 21:17 . 2006-04-12 10:04 49664 ----a-r c:\windows\system32\drivers\HPZid412.sys
2009-05-16 21:17 . 2006-01-03 17:12 77824 ----a-r c:\windows\system32\HPZIDS01.dll
2009-05-16 21:17 . 2006-04-10 11:03 48128 ----a-w c:\windows\system32\hpzll054.dll
2009-05-16 21:16 . 2008-04-13 21:15 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-05-16 21:16 . 2006-03-03 18:02 94208 ----a-w c:\windows\system32\HPZipt12.dll
2009-05-16 21:16 . 2006-03-03 18:02 57344 ----a-w c:\windows\system32\HPZisn12.dll
2009-05-16 21:16 . 2006-03-03 18:02 204800 ----a-w c:\windows\system32\HPZipr12.dll
2009-05-16 21:16 . 2006-03-03 18:03 69632 ----a-w c:\windows\system32\HPZipm12.exe
2009-05-16 21:16 . 2006-03-03 18:03 65536 ----a-w c:\windows\system32\HPZinw12.exe
2009-05-16 21:16 . 2006-03-03 18:03 282680 ----a-w c:\windows\system32\HPZidr12.dll
2009-05-16 21:16 . 1998-10-29 13:45 306688 ----a-w c:\windows\IsUninst.exe
2009-05-16 21:15 . 2009-05-17 09:44 -------- d-----w c:\program files\HP
2009-05-16 21:14 . 2008-04-13 21:17 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-05-16 21:14 . 2008-04-13 21:15 32128 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-05-16 21:13 . 2009-05-16 21:22 128315 ----a-w c:\windows\hpoins11.dat
2009-05-16 19:16 . 2009-05-16 19:16 -------- d-----w c:\program files\MSXML 4.0
2009-05-16 18:59 . 2009-05-18 18:44 -------- d-----w C:\Downloads
2009-05-16 17:39 . 2009-05-16 17:39 -------- d-----w c:\program files\Common Files\xing shared
2009-05-16 17:10 . 2008-06-13 11:05 272128 ------w c:\windows\system32\dllcache\bthport.sys
2009-05-16 17:10 . 2008-06-13 11:05 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-05-16 17:08 . 2008-05-08 14:02 203136 ------w c:\windows\system32\dllcache\rmcast.sys
2009-05-16 17:08 . 2008-10-24 11:21 455296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2009-05-16 17:07 . 2008-12-11 10:57 333952 ------w c:\windows\system32\dllcache\srv.sys
2009-05-16 17:07 . 2008-05-01 14:33 331776 ------w c:\windows\system32\dllcache\msadce.dll
2009-05-16 17:07 . 2008-04-11 19:04 691712 ------w c:\windows\system32\dllcache\inetcomm.dll
2009-05-16 17:04 . 2008-10-03 10:02 247326 ------w c:\windows\system32\dllcache\strmdll.dll
2009-05-16 17:04 . 2008-10-15 16:34 337408 ------w c:\windows\system32\dllcache\netapi32.dll
2009-05-16 17:04 . 2008-09-04 17:15 1106944 ------w c:\windows\system32\dllcache\msxml3.dll
2009-05-16 17:02 . 2009-05-19 06:56 -------- d-----w c:\windows\system32\CatRoot2
2009-05-16 17:01 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-05-16 17:01 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-05-16 16:55 . 2009-05-16 16:55 -------- d-----w c:\documents and settings\PC - DISKTOP\Application Data\CyberScrub
2009-05-16 16:55 . 2009-05-18 16:47 -------- d-----w c:\documents and settings\PC - DISKTOP\Application Data\cleaner
2009-05-16 16:37 . 2008-07-09 07:38 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-05-16 16:04 . 2009-05-16 16:04 -------- d-----w c:\windows\speech
2009-05-16 16:03 . 2009-05-16 16:03 -------- d-----w c:\program files\Golden Al-Wafi Translator
2009-05-16 15:52 . 2009-05-16 15:52 -------- d-----w c:\program files\VS Revo Group
2009-05-16 15:48 . 2001-08-17 10:48 12160 ----a-w c:\windows\system32\drivers\mouhid.sys
2009-05-16 15:48 . 2008-04-13 21:15 10368 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-05-16 14:41 . 2009-05-16 14:41 -------- d-----w c:\documents and settings\PC - DISKTOP\Local Settings\Application Data\Identities
2009-05-16 14:40 . 2009-05-16 14:40 -------- d-----w c:\documents and settings\PC - DISKTOP\Local Settings\Application Data\Ahead
2009-05-16 14:38 . 2009-05-16 14:38 -------- d-----w c:\documents and settings\PC - DISKTOP\Application Data\Ahead
2009-05-16 14:37 . 2009-05-16 14:37 -------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2009-05-16 11:33 . 2008-04-14 00:15 6272 ----a-w c:\windows\system32\drivers\splitter.sys
2009-05-16 11:33 . 2008-04-13 22:09 142592 ----a-w c:\windows\system32\drivers\aec.sys
2009-05-16 11:33 . 2008-04-14 00:15 2944 ----a-w c:\windows\system32\drivers\drmkaud.sys
2009-05-16 11:33 . 2008-04-14 00:09 4992 ----a-w c:\windows\system32\drivers\MSPQM.sys
2009-05-16 11:33 . 2008-04-14 00:15 56576 ----a-w c:\windows\system32\drivers\swmidi.sys
2009-05-16 11:32 . 2008-04-14 00:15 52864 ----a-w c:\windows\system32\drivers\DMusic.sys
2009-05-16 11:32 . 2008-04-14 00:09 7552 ----a-w c:\windows\system32\drivers\MSKSSRV.sys
2009-05-16 11:32 . 2008-04-14 00:47 83072 ----a-w c:\windows\system32\drivers\wdmaud.sys
2009-05-16 11:32 . 2008-04-14 00:15 172416 ----a-w c:\windows\system32\drivers\kmixer.sys
2009-05-16 11:32 . 2008-04-14 00:09 5376 ----a-w c:\windows\system32\drivers\MSPCLOCK.sys
2009-05-16 11:32 . 2008-04-14 00:45 60800 ----a-w c:\windows\system32\drivers\sysaudio.sys
2009-05-16 11:32 . 2001-08-17 13:59 3072 ----a-w c:\windows\system32\drivers\audstub.sys
2009-05-16 11:31 . 2008-04-14 00:10 57600 ----a-w c:\windows\system32\drivers\redbook.sys
2009-05-16 11:31 . 2008-04-13 23:53 685056 ----a-w c:\windows\system32\drivers\HSFCXTS2.sys
2009-05-16 11:31 . 2008-04-13 23:53 11868 ----a-w c:\windows\system32\drivers\mdmxsdk.sys
2009-05-16 11:31 . 2008-04-14 05:41 32285 ----a-w c:\windows\system32\HSFCISP2.dll
2009-05-16 11:31 . 2008-04-14 05:41 86016 ----a-w c:\windows\system32\mdmxsdk.dll
2009-05-16 11:31 . 2008-04-13 23:53 220032 ----a-w c:\windows\system32\drivers\HSFBS2S2.sys
2009-05-16 11:31 . 2008-04-13 23:53 1041536 ----a-w c:\windows\system32\drivers\HSFDPSP2.sys
2009-05-16 11:31 . 2008-04-14 00:15 10624 ----a-w c:\windows\system32\drivers\gameenum.sys
2009-05-16 11:30 . 2001-08-17 12:11 66591 ----a-w c:\windows\system32\drivers\el90xbc5.sys
2009-05-16 11:30 . 2008-04-14 00:06 42368 ----a-w c:\windows\system32\drivers\AGP440.SYS
2009-05-16 11:30 . 2008-04-14 05:42 74240 ----a-w c:\windows\system32\usbui.dll
2009-05-16 11:30 . 2008-04-14 00:49 146048 ----a-w c:\windows\system32\drivers\portcls.sys
2009-05-16 11:30 . 2008-04-14 02:41 4096 ----a-w c:\windows\system32\dllcache\ksuser.dll
2009-05-16 11:30 . 2008-04-14 02:41 4096 ----a-w c:\windows\system32\ksuser.dll
2009-05-16 11:30 . 2008-04-14 00:15 60160 ----a-w c:\windows\system32\drivers\drmk.sys
2009-05-16 11:25 . 2008-04-14 12:00 6656 ----a-r c:\windows\system32\kbdsl.dll
2009-05-16 11:23 . 2009-05-18 19:50 -------- d-----w c:\windows\system32\CatRoot
2009-05-16 11:23 . 2008-05-02 09:11 282725 ----a-w C:\DSPdsblr.exe
2009-05-16 11:23 . 2008-04-08 10:46 20992 ----a-w C:\makePNF.exe
2009-05-16 11:23 . 2008-04-08 10:46 137728 ----a-w C:\mute.exe
2009-05-16 11:23 . 2008-05-02 09:11 235131 ----a-w C:\pmtimer.exe
2009-05-16 11:23 . 2008-04-08 10:46 55808 ----a-w C:\devcon.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-18 21:37 . 2009-05-18 09:52 -------- d-----w c:\program files\Orbitdownloader
2009-05-18 09:52 . 2009-05-17 19:29 -------- d-----w c:\program files\Orbitdownloader(2)
2009-05-18 09:51 . 2009-05-18 09:51 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-05-18 09:51 . 2009-05-18 09:51 -------- d-----w c:\program files\Microsoft Sync Framework
2009-05-18 09:51 . 2009-05-18 09:51 -------- d-----w c:\program files\Microsoft
2009-05-18 09:51 . 2009-05-18 09:51 -------- d-----w c:\program files\Windows Live
2009-05-18 09:51 . 2009-05-18 09:51 -------- d-----w c:\program files\Messenger Plus! Live
2009-05-16 17:39 . 2009-05-16 10:28 -------- d-----w c:\program files\Common Files\Real
2009-05-16 17:39 . 2009-05-16 10:28 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-05-16 17:39 . 2009-05-16 10:26 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-05-16 16:03 . 2009-05-16 10:13 172032 ------w c:\windows\Setup1.exe
2009-05-16 16:03 . 2009-05-16 10:13 73216 ----a-w c:\windows\ST6UNST.EXE
2009-05-16 15:53 . 2009-05-16 10:26 -------- d-----w c:\program files\VideoLAN
2009-05-16 14:35 . 2009-05-16 10:30 -------- d-----w c:\program files\Common Files\Ahead
2009-05-16 10:30 . 2009-05-16 10:30 -------- d-----w c:\program files\Nero
2009-05-16 10:28 . 2009-05-16 10:28 -------- d-----w c:\program files\Real
2009-05-16 10:25 . 2009-05-16 10:25 -------- d-----w c:\program files\ESET
2009-05-16 10:20 . 2009-05-16 10:20 -------- d-----w c:\program files\Windows Live SkyDrive
2009-05-16 10:16 . 2009-05-16 10:16 -------- d-----w c:\program files\Common Files\Windows Live
2009-05-16 10:15 . 2009-05-16 04:45 99496 ----a-w c:\documents and settings\PC - DISKTOP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 05:14 . 2009-05-16 05:14 -------- d-----w c:\program files\Microsoft Works
2009-05-16 05:14 . 2009-05-16 05:14 -------- d-----w c:\program files\MSBuild
2009-05-16 05:09 . 2009-05-16 05:08 -------- d-----w c:\program files\Paltalk Messenger
2009-05-16 04:35 . 2009-05-16 04:35 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-16 04:35 . 2009-05-16 04:35 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-06 14:22 . 2008-04-14 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2008-08-31 11:11 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-21 05:25 . 2008-12-31 14:04 691592 ----a-w c:\windows\system32\OGACheckControl.DLL
2009-02-20 18:09 . 2008-08-31 11:11 78336 ----a-w c:\windows\system32\ieencode.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-16 198160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-18 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"CameraFixer"="c:\windows\CameraFixer.exe" [2005-10-03 20480]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-11-04 90112]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2007-04-16 577536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-5-19 1719496]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalStart.lnk
backup=c:\windows\pss\PalStart.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^PC - DISKTOP^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\documents and settings\PC - DISKTOP\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [20/02/2008 07:11 ص 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21/12/2007 04:21 ص 468224]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [04/12/2008 12:03 م 226640]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-05-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:17]
2009-05-18 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-05-19 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)
صباح الخير
اتفضل هذا التقرير
ComboFix 09-05-18.02 - PC - DISKTOP 05/19/2009 9:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.511.186 [GMT 3:00]
Running from: c:\documents and settings\PC - DISKTOP\My Documents\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\regedit.com
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\taskmgr.com
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((( Files Created from 2009-04-19 to 2009-05-19 )))))))))))))))))))))))))))))))
.
2009-05-19 04:23 . 2009-05-19 04:23 -------- d-----w c:\documents and settings\PC - DISKTOP\.jpi_cache
2009-05-19 04:23 . 2009-05-19 04:23 -------- d-----w c:\documents and settings\PC - DISKTOP\.java
2009-05-19 02:18 . 2008-04-14 02:42 53760 ----a-w c:\windows\system32\dllcache\vfwwdm32.dll
2009-05-19 02:18 . 2008-04-14 02:42 53760 ----a-w c:\windows\system32\vfwwdm32.dll
2009-05-19 02:16 . 2004-08-09 14:43 94208 ----a-w c:\windows\amcap.exe
2009-05-19 02:16 . 2005-11-04 12:05 90112 ----a-w c:\windows\tsnpstd3.exe
2009-05-19 02:16 . 2006-09-19 06:07 827392 ----a-w c:\windows\vsnpstd3.exe
2009-05-19 02:16 . 2007-03-27 15:19 10252544 ----a-w c:\windows\system32\drivers\snpstd3.sys
2009-05-19 02:16 . 2005-09-12 14:48 61440 ----a-w c:\windows\system32\rsnpstd3.dll
2009-05-19 02:16 . 2005-11-23 09:55 53248 ----a-w c:\windows\system32\csnpstd3.dll
2009-05-19 02:16 . 2007-03-12 08:41 61440 ----a-w c:\windows\system32\vsnpstd3.dll
2009-05-19 02:16 . 2004-12-08 15:40 20480 ----a-w c:\windows\usnpstd3.exe
2009-05-19 02:16 . 2009-05-19 02:16 -------- d-----w c:\program files\Common Files\snpstd3
2009-05-19 02:15 . 2005-10-03 08:23 20480 ------w c:\windows\CameraFixer.exe
2009-05-18 21:34 . 2009-05-18 21:34 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-05-18 20:13 . 2009-05-18 20:13 -------- d-----w c:\documents and settings\PC - DISKTOP\Application Data\TuneUp Software
2009-05-18 20:13 . 2009-05-18 20:13 306432 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-05-18 20:13 . 2007-12-20 07:41 29440 ----a-w c:\windows\system32\uxtuneup.dll
2009-05-18 20:12 . 2009-05-18 20:12 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-05-18 20:12 . 2009-05-18 20:13 -------- d-----w c:\program files\TuneUp Utilities 2008
2009-05-18 19:49 . 2006-07-22 20:49 5376 ----a-w c:\windows\system32\antiwpa.dll
2009-05-18 19:10 . 2009-05-18 19:10 -------- d--h--w c:\windows\system32\GroupPolicy
2009-05-18 18:23 . 2009-05-18 18:23 -------- d-----w c:\program files\Trend Micro
2009-05-18 18:17 . 2009-05-18 18:18 -------- d-----w c:\windows\system32\NtmsData
2009-05-18 17:54 . 2009-05-18 17:54 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-05-18 17:29 . 2009-05-18 17:29 -------- d-----w c:\program files\Common Files\Adobe
2009-05-18 17:20 . 2009-05-18 17:20 -------- d-----w c:\windows\system32\xircom
2009-05-18 17:20 . 2009-05-18 17:20 -------- d-----w c:\program files\microsoft frontpage
2009-05-18 17:08 . 2008-04-14 12:00 135680 ----a-w c:\windows\system32\T.COM
2009-05-18 17:08 . 2008-04-14 12:00 146432 ----a-w c:\windows\R.COM
2009-05-18 16:51 . 2009-05-18 16:51 -------- d-----w c:\documents and settings\PC - DISKTOP\Application Data\zzMicroWorld_Anti_Virus
2009-05-18 09:56 . 2008-04-13 22:41 21504 ----a-w c:\windows\system32\hidserv.dll
2009-05-18 09:56 . 2008-04-13 17:09 14592 ----a-w c:\windows\system32\drivers\kbdhid.sys
2009-05-18 09:55 . 2009-05-18 09:55 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-18 09:52 . 2009-05-18 09:52 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-05-17 10:37 . 2009-05-18 17:28 -------- d-----w c:\documents and settings\PC - DISKTOP\Local Settings\Application Data\Adobe
2009-05-17 09:43 . 2009-05-17 09:43 -------- d-----w c:\documents and settings\PC - DISKTOP\.javaws
2009-05-17 09:43 . 2009-05-17 09:43 -------- d-----w c:\program files\Java Web Start
2009-05-17 09:43 . 2009-05-17 09:43 -------- d-----w c:\program files\Java
2009-05-17 09:43 . 2009-05-18 07:20 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-17 09:42 . 2009-05-19 02:15 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-16 21:27 . 2008-10-16 11:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-05-16 21:21 . 2009-05-16 21:21 -------- d-----w c:\documents and settings\PC - DISKTOP\Application Data\HP
2009-05-16 21:21 . 2009-05-16 21:21 -------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-05-16 21:20 . 2009-05-16 21:20 -------- d-----w c:\program files\Common Files\HP
2009-05-16 21:18 . 2009-05-16 21:19 -------- d-----w c:\program files\Hewlett-Packard
2009-05-16 21:18 . 2009-05-16 21:18 -------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-05-16 21:17 . 2006-04-12 10:04 16496 ----a-r c:\windows\system32\drivers\HPZipr12.sys
2009-05-16 21:17 . 2006-04-12 10:04 49664 ----a-r c:\windows\system32\drivers\HPZid412.sys
2009-05-16 21:17 . 2006-01-03 17:12 77824 ----a-r c:\windows\system32\HPZIDS01.dll
2009-05-16 21:17 . 2006-04-10 11:03 48128 ----a-w c:\windows\system32\hpzll054.dll
2009-05-16 21:16 . 2008-04-13 21:15 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-05-16 21:16 . 2006-03-03 18:02 94208 ----a-w c:\windows\system32\HPZipt12.dll
2009-05-16 21:16 . 2006-03-03 18:02 57344 ----a-w c:\windows\system32\HPZisn12.dll
2009-05-16 21:16 . 2006-03-03 18:02 204800 ----a-w c:\windows\system32\HPZipr12.dll
2009-05-16 21:16 . 2006-03-03 18:03 69632 ----a-w c:\windows\system32\HPZipm12.exe
2009-05-16 21:16 . 2006-03-03 18:03 65536 ----a-w c:\windows\system32\HPZinw12.exe
2009-05-16 21:16 . 2006-03-03 18:03 282680 ----a-w c:\windows\system32\HPZidr12.dll
2009-05-16 21:16 . 1998-10-29 13:45 306688 ----a-w c:\windows\IsUninst.exe
2009-05-16 21:15 . 2009-05-17 09:44 -------- d-----w c:\program files\HP
2009-05-16 21:14 . 2008-04-13 21:17 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-05-16 21:14 . 2008-04-13 21:15 32128 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-05-16 21:13 . 2009-05-16 21:22 128315 ----a-w c:\windows\hpoins11.dat
2009-05-16 19:16 . 2009-05-16 19:16 -------- d-----w c:\program files\MSXML 4.0
2009-05-16 18:59 . 2009-05-18 18:44 -------- d-----w C:\Downloads
2009-05-16 17:39 . 2009-05-16 17:39 -------- d-----w c:\program files\Common Files\xing shared
2009-05-16 17:10 . 2008-06-13 11:05 272128 ------w c:\windows\system32\dllcache\bthport.sys
2009-05-16 17:10 . 2008-06-13 11:05 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-05-16 17:08 . 2008-05-08 14:02 203136 ------w c:\windows\system32\dllcache\rmcast.sys
2009-05-16 17:08 . 2008-10-24 11:21 455296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2009-05-16 17:07 . 2008-12-11 10:57 333952 ------w c:\windows\system32\dllcache\srv.sys
2009-05-16 17:07 . 2008-05-01 14:33 331776 ------w c:\windows\system32\dllcache\msadce.dll
2009-05-16 17:07 . 2008-04-11 19:04 691712 ------w c:\windows\system32\dllcache\inetcomm.dll
2009-05-16 17:04 . 2008-10-03 10:02 247326 ------w c:\windows\system32\dllcache\strmdll.dll
2009-05-16 17:04 . 2008-10-15 16:34 337408 ------w c:\windows\system32\dllcache\netapi32.dll
2009-05-16 17:04 . 2008-09-04 17:15 1106944 ------w c:\windows\system32\dllcache\msxml3.dll
2009-05-16 17:02 . 2009-05-19 06:56 -------- d-----w c:\windows\system32\CatRoot2
2009-05-16 17:01 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-05-16 17:01 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-05-16 16:55 . 2009-05-16 16:55 -------- d-----w c:\documents and settings\PC - DISKTOP\Application Data\CyberScrub
2009-05-16 16:55 . 2009-05-18 16:47 -------- d-----w c:\documents and settings\PC - DISKTOP\Application Data\cleaner
2009-05-16 16:37 . 2008-07-09 07:38 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-05-16 16:04 . 2009-05-16 16:04 -------- d-----w c:\windows\speech
2009-05-16 16:03 . 2009-05-16 16:03 -------- d-----w c:\program files\Golden Al-Wafi Translator
2009-05-16 15:52 . 2009-05-16 15:52 -------- d-----w c:\program files\VS Revo Group
2009-05-16 15:48 . 2001-08-17 10:48 12160 ----a-w c:\windows\system32\drivers\mouhid.sys
2009-05-16 15:48 . 2008-04-13 21:15 10368 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-05-16 14:41 . 2009-05-16 14:41 -------- d-----w c:\documents and settings\PC - DISKTOP\Local Settings\Application Data\Identities
2009-05-16 14:40 . 2009-05-16 14:40 -------- d-----w c:\documents and settings\PC - DISKTOP\Local Settings\Application Data\Ahead
2009-05-16 14:38 . 2009-05-16 14:38 -------- d-----w c:\documents and settings\PC - DISKTOP\Application Data\Ahead
2009-05-16 14:37 . 2009-05-16 14:37 -------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2009-05-16 11:33 . 2008-04-14 00:15 6272 ----a-w c:\windows\system32\drivers\splitter.sys
2009-05-16 11:33 . 2008-04-13 22:09 142592 ----a-w c:\windows\system32\drivers\aec.sys
2009-05-16 11:33 . 2008-04-14 00:15 2944 ----a-w c:\windows\system32\drivers\drmkaud.sys
2009-05-16 11:33 . 2008-04-14 00:09 4992 ----a-w c:\windows\system32\drivers\MSPQM.sys
2009-05-16 11:33 . 2008-04-14 00:15 56576 ----a-w c:\windows\system32\drivers\swmidi.sys
2009-05-16 11:32 . 2008-04-14 00:15 52864 ----a-w c:\windows\system32\drivers\DMusic.sys
2009-05-16 11:32 . 2008-04-14 00:09 7552 ----a-w c:\windows\system32\drivers\MSKSSRV.sys
2009-05-16 11:32 . 2008-04-14 00:47 83072 ----a-w c:\windows\system32\drivers\wdmaud.sys
2009-05-16 11:32 . 2008-04-14 00:15 172416 ----a-w c:\windows\system32\drivers\kmixer.sys
2009-05-16 11:32 . 2008-04-14 00:09 5376 ----a-w c:\windows\system32\drivers\MSPCLOCK.sys
2009-05-16 11:32 . 2008-04-14 00:45 60800 ----a-w c:\windows\system32\drivers\sysaudio.sys
2009-05-16 11:32 . 2001-08-17 13:59 3072 ----a-w c:\windows\system32\drivers\audstub.sys
2009-05-16 11:31 . 2008-04-14 00:10 57600 ----a-w c:\windows\system32\drivers\redbook.sys
2009-05-16 11:31 . 2008-04-13 23:53 685056 ----a-w c:\windows\system32\drivers\HSFCXTS2.sys
2009-05-16 11:31 . 2008-04-13 23:53 11868 ----a-w c:\windows\system32\drivers\mdmxsdk.sys
2009-05-16 11:31 . 2008-04-14 05:41 32285 ----a-w c:\windows\system32\HSFCISP2.dll
2009-05-16 11:31 . 2008-04-14 05:41 86016 ----a-w c:\windows\system32\mdmxsdk.dll
2009-05-16 11:31 . 2008-04-13 23:53 220032 ----a-w c:\windows\system32\drivers\HSFBS2S2.sys
2009-05-16 11:31 . 2008-04-13 23:53 1041536 ----a-w c:\windows\system32\drivers\HSFDPSP2.sys
2009-05-16 11:31 . 2008-04-14 00:15 10624 ----a-w c:\windows\system32\drivers\gameenum.sys
2009-05-16 11:30 . 2001-08-17 12:11 66591 ----a-w c:\windows\system32\drivers\el90xbc5.sys
2009-05-16 11:30 . 2008-04-14 00:06 42368 ----a-w c:\windows\system32\drivers\AGP440.SYS
2009-05-16 11:30 . 2008-04-14 05:42 74240 ----a-w c:\windows\system32\usbui.dll
2009-05-16 11:30 . 2008-04-14 00:49 146048 ----a-w c:\windows\system32\drivers\portcls.sys
2009-05-16 11:30 . 2008-04-14 02:41 4096 ----a-w c:\windows\system32\dllcache\ksuser.dll
2009-05-16 11:30 . 2008-04-14 02:41 4096 ----a-w c:\windows\system32\ksuser.dll
2009-05-16 11:30 . 2008-04-14 00:15 60160 ----a-w c:\windows\system32\drivers\drmk.sys
2009-05-16 11:25 . 2008-04-14 12:00 6656 ----a-r c:\windows\system32\kbdsl.dll
2009-05-16 11:23 . 2009-05-18 19:50 -------- d-----w c:\windows\system32\CatRoot
2009-05-16 11:23 . 2008-05-02 09:11 282725 ----a-w C:\DSPdsblr.exe
2009-05-16 11:23 . 2008-04-08 10:46 20992 ----a-w C:\makePNF.exe
2009-05-16 11:23 . 2008-04-08 10:46 137728 ----a-w C:\mute.exe
2009-05-16 11:23 . 2008-05-02 09:11 235131 ----a-w C:\pmtimer.exe
2009-05-16 11:23 . 2008-04-08 10:46 55808 ----a-w C:\devcon.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-18 21:37 . 2009-05-18 09:52 -------- d-----w c:\program files\Orbitdownloader
2009-05-18 09:52 . 2009-05-17 19:29 -------- d-----w c:\program files\Orbitdownloader(2)
2009-05-18 09:51 . 2009-05-18 09:51 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-05-18 09:51 . 2009-05-18 09:51 -------- d-----w c:\program files\Microsoft Sync Framework
2009-05-18 09:51 . 2009-05-18 09:51 -------- d-----w c:\program files\Microsoft
2009-05-18 09:51 . 2009-05-18 09:51 -------- d-----w c:\program files\Windows Live
2009-05-18 09:51 . 2009-05-18 09:51 -------- d-----w c:\program files\Messenger Plus! Live
2009-05-16 17:39 . 2009-05-16 10:28 -------- d-----w c:\program files\Common Files\Real
2009-05-16 17:39 . 2009-05-16 10:28 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-05-16 17:39 . 2009-05-16 10:26 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-05-16 16:03 . 2009-05-16 10:13 172032 ------w c:\windows\Setup1.exe
2009-05-16 16:03 . 2009-05-16 10:13 73216 ----a-w c:\windows\ST6UNST.EXE
2009-05-16 15:53 . 2009-05-16 10:26 -------- d-----w c:\program files\VideoLAN
2009-05-16 14:35 . 2009-05-16 10:30 -------- d-----w c:\program files\Common Files\Ahead
2009-05-16 10:30 . 2009-05-16 10:30 -------- d-----w c:\program files\Nero
2009-05-16 10:28 . 2009-05-16 10:28 -------- d-----w c:\program files\Real
2009-05-16 10:25 . 2009-05-16 10:25 -------- d-----w c:\program files\ESET
2009-05-16 10:20 . 2009-05-16 10:20 -------- d-----w c:\program files\Windows Live SkyDrive
2009-05-16 10:16 . 2009-05-16 10:16 -------- d-----w c:\program files\Common Files\Windows Live
2009-05-16 10:15 . 2009-05-16 04:45 99496 ----a-w c:\documents and settings\PC - DISKTOP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 05:14 . 2009-05-16 05:14 -------- d-----w c:\program files\Microsoft Works
2009-05-16 05:14 . 2009-05-16 05:14 -------- d-----w c:\program files\MSBuild
2009-05-16 05:09 . 2009-05-16 05:08 -------- d-----w c:\program files\Paltalk Messenger
2009-05-16 04:35 . 2009-05-16 04:35 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-16 04:35 . 2009-05-16 04:35 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-06 14:22 . 2008-04-14 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2008-08-31 11:11 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-21 05:25 . 2008-12-31 14:04 691592 ----a-w c:\windows\system32\OGACheckControl.DLL
2009-02-20 18:09 . 2008-08-31 11:11 78336 ----a-w c:\windows\system32\ieencode.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-16 198160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-18 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"CameraFixer"="c:\windows\CameraFixer.exe" [2005-10-03 20480]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-11-04 90112]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2007-04-16 577536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-5-19 1719496]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalStart.lnk
backup=c:\windows\pss\PalStart.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^PC - DISKTOP^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\documents and settings\PC - DISKTOP\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [20/02/2008 07:11 ص 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21/12/2007 04:21 ص 468224]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [04/12/2008 12:03 م 226640]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-05-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:17]
2009-05-18 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-05-19 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-05-19 10:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3972)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Orbitdownloader\orbitnet.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Windows Live\Toolbar\wltuser.exe
.
**************************************************************************
.
Completion time: 2009-05-19 10:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-19 07:02
Pre-Run: 17,241,702,400 bytes free
Post-Run: 17,237,381,120 bytes free
301
توقيع : afalcon8
تأييد
0
الديبلوماسي
زيزوومى فضى
غير متصل
طيب الحين يالغالي :
أعد رفع تقرير الهايجاك مره ثانيه
الله يقويك ويصبرك :q:
أعد رفع تقرير الهايجاك مره ثانيه
الله يقويك ويصبرك :q:
توقيع : الديبلوماسي
تأييد
0
afalcon8
زيزوومي نشيط
غير متصل
اتفضل اخوي
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:32, on 19/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 7815 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:32, on 19/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 7815 bytes
توقيع : afalcon8
تأييد
0
علاوي الدلوع
زيزوومي جديد
غير متصل
يالغااااااااااااالي احدف سرفر باك 3 الانة فية مشاكل
انا عندي مشاكل كتيرة والنظام بعد اسبوعين ينطرب منفسة
حتى المحلات عندنا منعت بيع نسخة باك 3
طريقة الحدف مامعاك الاالفورمات الان كيف بتحدفة انت سوي
فورمات لــــc بس ماتقسم الاقراص الباقية وانا افضلك التقسيم
الان احتمال يصادفك تعليق
عندماحد فت الباك 3 وانت جرب اول شي فرمت c بس
اخوك / علاوي
عااااااااااااااااشق الصيااااااااااانة
انا عندي مشاكل كتيرة والنظام بعد اسبوعين ينطرب منفسة
حتى المحلات عندنا منعت بيع نسخة باك 3
طريقة الحدف مامعاك الاالفورمات الان كيف بتحدفة انت سوي
فورمات لــــc بس ماتقسم الاقراص الباقية وانا افضلك التقسيم
الان احتمال يصادفك تعليق
عندماحد فت الباك 3 وانت جرب اول شي فرمت c بس
اخوك / علاوي
عااااااااااااااااشق الصيااااااااااانة
تأييد
0