Status
Closed and not open for further replies.

سفير الدموع

Brothers, I think my machine is infected with a great many viruses. Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:16, on 25/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Vortex Tools\Classes\vortex\RDShutdown\DShutdown.exe
C:\Program Files\Abadisoft\Avc 4.0\AbadisoftCleanVirus.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Download Manager\IDMan.exe
D:\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Nimbuzz\Nimbuzz.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\Rar$EX00.109\Sality_off.exe
C:\Program Files\MSN\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\msiexec.exe
D:\البرامج 2\koko_monde\New Folder (2)\FaRiS\runscanner.exe
C:\WINDOWS\system32\wuauclt.exe
D:\البرامج 2\koko_monde\New Folder (2)\Zyzoom.org_Tool_V_1.0.exe
C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\zyaoom Tool\Hijack.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] D:\avast\ashDisp.exe
O4 - HKLM\..\Run: [DShutdown] "C:\Program Files\Vortex Tools\Classes\vortex\RDShutdown\DShutdown.exe" /SAVEONEXIT /IP:LocalHost
O4 - HKLM\..\Run: [viruscleaner] "C:\Program Files\Abadisoft\Avc 4.0\AbadisoftCleanVirus.exe" h
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [hagent] C:\WINDOWS\system32\avp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nimbuzz] "C:\Program Files\Nimbuzz\Nimbuzz.exe" minimized
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4615 bytes


And the runscanner report:



And Task Manager does not open; when I try to open it, no window appears.


 

Malwarebytes' Anti-Malware report, but only with a quick scan:

Malwarebytes' Anti-Malware 1.38
نسخة قاعدة البيانات: 2297
Windows 5.1.2600 Service Pack 2

25/07/2009 11:17:39 AM
mbam-log-2009-07-25 (11-17-39).txt

نوع البحث: بحث سريع
تم فحص: 119198
الوقت المنقضى: 16 minute(s), 20 second(s)

عمليات الذاكرة المصابة: 0
وحدات الذاكرة المصابة: 0
مفاتيح التسجيل المصابة: 0
قيم التسجيل المصابة: 0
بيانات التسجيل المصابة: 3
مجلدات مصابة: 0
ملفات مصابة: 2

عمليات الذاكرة المصابة:
(لم يتم الكشف عن أية عناصر ضارة)

وحدات الذاكرة المصابة:
(لم يتم الكشف عن أية عناصر ضارة)

مفاتيح التسجيل المصابة:
(لم يتم الكشف عن أية عناصر ضارة)

قيم التسجيل المصابة:
(لم يتم الكشف عن أية عناصر ضارة)

بيانات التسجيل المصابة:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

مجلدات مصابة:
(لم يتم الكشف عن أية عناصر ضارة)

ملفات مصابة:
c:\documents and settings\administrator.pcv.000\local settings\temp\zyaoom tool\bitdefender_q.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\iexplore.exe (Backdoor.Bot) -> Quarantined and deleted successfully.



 

Disable System Restore as shown in the following walkthrough:

[Screenshots: i7549_1.png, i7550_2.png, i7551_3.png]



Go to this page:

and download the McAfee tool.
Run it with a double-click and leave it until the DOS window finishes scanning and cleaning.
Then go to drive C: and [hidden link] the report noor_mcafee,
and upload it to this site:

and attach the download link in your next post.

 
Brother, I'll try to download it from another machine, and I'll download it from my machine if I can. But I'd like these two files from your machine, if it is
XP.

They are from

C:\WINDOWS\system32

ntvdm.exe

cleanmgr.exe
 
Honestly, my friend, anything you ask, but my system is Vista.

No problem. First, clean the machine with the tool above,

and then, if you have the Windows CD available, I'll point you to the following to restore those two files:

Start >>> Run >>> and paste this command, with the Windows CD inserted:

sfc /scannow

It will scan your system and restore the missing files for you.
 
Brother, I can't download the McAfee tool, and there is no clean machine near me.
 

OK, try the Kaspersky tool.

Download the Kaspersky tool from the following link:

After downloading, double-click it and the tool's file will be extracted to a folder on the desktop; within moments the tool starts running.

Follow the walkthrough to scan and clean the machine and attach the report:

[Screenshots: zyzoom-7ce8879e89.png, zyzoom-cdd75c8aa3.png, zyzoom-89156f000e.png, zyzoom-6d533c4f2e.png, zyzoom-f20f3644d0.png]


Then compress the report and upload it here >>>>

and upload it here

or to any upload site.

Another tool is being uploaded as a backup.
 

C:\WINDOWS\system32

Forget about anyone uploading this one for you, because its size is 1 GB.


ntvdm.exe

cleanmgr.exe

Here are these two; don't forget to put them in the folder C:\WINDOWS\system32
 
Brother, the Kaspersky tool is downloading now, and here is a report from the SREngLdr tool:

Code:
2009-07-25,11:59:06

System Repair Engineer 2.7.1.1261
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Running Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan
    Scheduled Tasks
    API HOOK
    Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <msnmsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [Microsoft Corporation]
    <Skype><"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized>  [Skype Technologies S.A.]
    <IDMan><C:\Program Files\Internet Download Manager\IDMan.exe /onboot>  [Tonec Inc.]
    <Yahoo! Pager><"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet>  [Yahoo! Inc.]
    <PC Suite Tray><"D:\Nokia PC Suite 7\PCSuite.exe" -onlytray>  [Nokia]
    <Nimbuzz><"C:\Program Files\Nimbuzz\Nimbuzz.exe" minimized>  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SystemInit><>  [N/A]
    <Karen><>  [N/A]
    <raVe><>  [N/A]
    <SystemBackup><>  [N/A]
    <Win32BaseServiceMOD><>  [N/A]
    <startIE><>  [N/A]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <avast!><D:\avast\ashDisp.exe>  [(Verified)ALWIL Software]
    <DShutdown><"C:\Program Files\Vortex Tools\Classes\vortex\RDShutdown\DShutdown.exe" /SAVEONEXIT /IP:LocalHost>  [ND]
    <viruscleaner><"C:\Program Files\Abadisoft\Avc 4.0\AbadisoftCleanVirus.exe" h>  [File is missing]
    <snpstd3><C:\WINDOWS\vsnpstd3.exe>  []
    <nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE>  [Eset ]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <Driver32><>  [N/A]
    <hagent><C:\WINDOWS\system32\avp.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [Microsoft Corporation]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [Microsoft Corporation]
    <WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows]

==================================
Startup Folders
N/A

==================================
Services
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINDOWS\System32\dmadmin.exe /com><Microsoft Corp., Veritas Software>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Windows Installer / MSIServer][Stopped/Manual Start]
  <C:\WINDOWS\system32\msiexec.exe /V><Microsoft Corporation>
[ServiceLayer / ServiceLayer][Running/Manual Start]
  <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><Nokia.>
[خدمة قارئ مجلة USN بمجلدات مشاركة Messenger / usnjsvc][Running/Manual Start]
  <"C:\Program Files\MSN Messenger\usnsvc.exe"><Microsoft Corporation>

==================================
Drivers
[abp470n5 / abp470n5][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\enpjjl.sys><N/A>
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[AMON / AMON][Running/Auto Start]
  <\SystemRoot\system32\drivers\amon.sys><Eset>
[aswFsBlk / aswFsBlk][Running/Auto Start]
  <system32\DRIVERS\aswFsBlk.sys><ALWIL Software>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><Microsoft Corp., Veritas Software>
[Intel(R) PRO/1000 Network Connection Driver / E1000][Running/Manual Start]
  <system32\DRIVERS\e1000325.sys><Intel Corporation>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Nokia USB Phone Parent / nmwcd][Stopped/Manual Start]
  <system32\drivers\ccdcmb.sys><Nokia>
[Nokia USB Generic / nmwcdc][Stopped/Manual Start]
  <system32\drivers\ccdcmbo.sys><Nokia>
[Nokia USB Flashing Phone Parent / nmwcdnsu][Stopped/Manual Start]
  <system32\drivers\nmwcdnsu.sys><Nokia>
[Nokia USB Flashing Generic / nmwcdnsuc][Stopped/Manual Start]
  <system32\drivers\nmwcdnsuc.sys><Nokia>
[nod32drv / nod32drv][Running/System Start]
  <\SystemRoot\system32\drivers\nod32drv.sys><N/A>
[PCCS Mode Change Filter Driver / pccsmcfd][Stopped/Manual Start]
  <system32\DRIVERS\pccsmcfd.sys><Nokia>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Running/Auto Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[USB PC Camera (SNPSTD3) / SNPSTD3][Stopped/Manual Start]
  <system32\DRIVERS\snpstd3.sys><>
[upperdev / upperdev][Stopped/Manual Start]
  <system32\DRIVERS\usbser_lowerflt.sys><Nokia>
[UsbserFilt / UsbserFilt][Stopped/Manual Start]
  <system32\DRIVERS\usbser_lowerfltj.sys><Nokia>
[windrvNT / windrvNT][Running/Auto Start]
  <\??\C:\WINDOWS\system32\windrvNT.sys><N/A>
[MBAMSwissArmy / MBAMSwissArmy][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys><Malwarebytes Corporation>

==================================
Browser Add-ons
[IDMIEHlprObj Class]
  {0055C089-8582-441B-A0BF-17B458C2A3A8} <C:\Program Files\Internet Download Manager\IDMIECC.dll, (Signed) Tonec Inc.>
[Skype add-on (mastermind)]
  {22BF413B-C6D2-4d91-82A9-A0F997BA588C} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, (Signed) Skype Technologies S.A.>
[RealPlayer Download and Record Plugin for Internet Explorer]
  {3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, (Signed) RealPlayer>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[Skype add-on (button)]
  {77BF5300-1474-4EC7-9980-D32B190E9B07} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, (Signed) Skype Technologies S.A.>
[Java Plug-in 1.6.0_02]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
  {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll, (Signed) Sun Microsystems, Inc.>
[IDMIEHlprObj Class]
  {0055C089-8582-441B-A0BF-17B458C2A3A8} <C:\Program Files\Internet Download Manager\IDMIECC.dll, (Signed) Tonec Inc.>
[]
  {038CB5C7-48EA-4AF9-94E0-A1646542E62B} <, >
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[InformationCardSigninHelper Class]
  {19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, (Signed) Microsoft Corporation>
[Skype add-on (mastermind)]
  {22BF413B-C6D2-4D91-82A9-A0F997BA588C} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, (Signed) Skype Technologies S.A.>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, (Signed) >
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[RealPlayer RAM Download Handler]
  {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[RealPlayer Download and Record Plugin for Internet Explorer]
  {3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, (Signed) RealPlayer>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <, >
[]
  {53707962-6F74-2D53-2644-206D7942484F} <, >
[isInstalled Class]
  {5852F5ED-8BF4-11D4-A245-0080C6F74284} <C:\Program Files\Java\jre1.6.0_02\bin\wsdetect.dll, Sun Microsystems, Inc.>
[]
  {6924091F-CD97-41E1-B1D4-D9079409D413} <, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Skype add-on (button)]
  {77BF5300-1474-4EC7-9980-D32B190E9B07} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, (Signed) Skype Technologies S.A.>
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[XML DOM Document 6.0]
  {88D96A05-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[]
  {9701758C-4373-482E-B13C-776C048EC890} <, >
[]
  {9EFF1953-9694-47B1-AEF6-B2A3FE8BFE9B} <, >
[]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <, >
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[]
  {B69003B3-C55E-4B48-836C-BC5946FC3B28} <, >
[]
  {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} <, >
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[Windows Live Sign-in Control]
  {D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[]
  {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <, >
[]
  {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, (Signed) Microsoft Corporation>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <, >
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP 3.0]
  {F5078F35-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[تحميل الكل بواسطة Internet Download Manager]
  <C:\Program Files\Internet Download Manager\IEGetAll.htm, N/A>
[تحميل بواسطة Internet Download Manager]
  <C:\Program Files\Internet Download Manager\IEExt.htm, N/A>
[تحميل محتوى FLV بواسطة Internet Download Manager]
  <C:\Program Files\Internet Download Manager\IEGetVL.htm, N/A>

==================================
Running Processes
[PID: 576 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 640 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\winsrv.dll]  [Microsoft Corporation, 5.1.2600.3103 (xpsp_sp2_qfe.070316-1308)]
[PID: 664 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\MSGINA.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 716 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 728 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]
[PID: 884 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 952 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]
[PID: 1080 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\System32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]
    [C:\WINDOWS\System32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\netshell.dll]  [Microsoft Corporation, 5.1.2600.2979 (xpsp.060822-0009)]
    [c:\windows\system32\credui.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\RASDLG.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1116 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[PID: 1240 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]
[PID: 1412 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]
[PID: 1640 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp.050610-1527)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1736 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\themeui.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\netshell.dll]  [Microsoft Corporation, 5.1.2600.2979 (xpsp.060822-0009)]
    [C:\WINDOWS\system32\credui.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ntshrui.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\stobject.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll]  [Nero AG, 2, 0, 0, 8]
    [C:\Program Files\Common Files\Ahead\Lib\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.4020]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4020]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4020]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4020]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.4020]
    [C:\Program Files\Internet Download Manager\idmmkb.dll]  [Tonec Inc., 5, 15, 4, 0]
    [D:\Malwarebytes' Anti-Malware\mbamext.dll]  [Malwarebytes Corporation, 1, 2, 0, 0]
    [C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll]  [Nero AG, 2, 6, 6, 0]
    [C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Eset\nodshex.dll]  [N/A, ]
    [C:\Program Files\Internet Download Manager\IDMIECC.dll]  [Tonec Inc., 5, 15, 6, 0]
[PID: 128 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 452 / Administrator][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.1.137]
    [C:\WINDOWS\system32\shell32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 776 / Administrator][C:\Program Files\Abadisoft\Avc 4.0\AbadisoftCleanVirus.exe]  [Abadisoft, 1.00]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\WINDOWS\system32\vbame.dll]  [Microsoft Corporation, 2.2.5]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 796 / Administrator][C:\WINDOWS\vsnpstd3.exe]  [, 1, 0, 2, 2]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[PID: 904 / Administrator][C:\Program Files\MSN Messenger\MsnMsgr.Exe]  [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\Program Files\MSN Messenger\MSIMG32.dll]  [Patchou, 4, 23, 0, 276]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll]  [Patchou, 4, 23, 0, 276]
    [C:\Program Files\Messenger Plus! Live\Detoured.dll]  [N/A, ]
    [C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll]  [Patchou, 4, 23, 0, 276]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\devenum.dll]  [, ]
    [C:\WINDOWS\system32\quartz.dll]  [, ]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]
    [C:\Program Files\Internet Download Manager\idmmkb.dll]  [Tonec Inc., 5, 15, 4, 0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\netshell.dll]  [Microsoft Corporation, 5.1.2600.2979 (xpsp.060822-0009)]
    [C:\WINDOWS\system32\credui.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ntshrui.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1300 / Administrator][C:\Program Files\Internet Download Manager\IDMan.exe]  [Tonec Inc., 5.15.6.0]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]
    [C:\Program Files\Internet Download Manager\idmmkb.dll]  [Tonec Inc., 5, 15, 4, 0]
    [C:\WINDOWS\system32\ntshrui.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
[PID: 1560 / Administrator][D:\Nokia PC Suite 7\PCSuite.exe]  [Nokia, 7, 1, 39, 0]
    [D:\Nokia PC Suite 7\QtCore4.dll]  [N/A, ]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [D:\Nokia PC Suite 7\QtGui4.dll]  [N/A, ]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [D:\Nokia PC Suite 7\QtXml4.dll]  [N/A, ]
    [D:\Nokia PC Suite 7\CDC.dll]  [Nokia, 7, 1, 5, 0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [D:\Nokia PC Suite 7\PCSL.dll]  [Nokia, 7, 0, 12, 0]
    [C:\Program Files\PC Connectivity Solution\ConnAPI.dll]  [Nokia., 7, 0, 126, 0]
    [C:\Program Files\PC Connectivity Solution\DAAPI.dll]  [Nokia, 7, 0, 155, 0]
    [C:\Program Files\PC Connectivity Solution\PCCS_ABAPI.dll]  [Nokia, 7, 0, 19, 0]
    [D:\Nokia PC Suite 7\styles\NGLStyle.dll]  [Nokia, 7, 1, 15, 0]
    [D:\Nokia PC Suite 7\imageformats\qjpeg4.dll]  [N/A, ]
    [D:\Nokia PC Suite 7\imageformats\qsvg4.dll]  [N/A, ]
    [D:\Nokia PC Suite 7\QtSvg4.dll]  [N/A, ]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\PC Connectivity Solution\ConfServer.dll]  [Nokia, 7, 0, 43, 0]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]
    [D:\Nokia PC Suite 7\libeay32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8g]
[PID: 3108 / Administrator][C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe]  [Yahoo! Inc., 8,1,0,0]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\Program Files\Yahoo!\Messenger\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Yahoo!\Messenger\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\Program Files\Yahoo!\Shared\YbSkin2.dll]  [Yahoo! Inc., 2006, 10, 11, 1]
    [C:\Program Files\Yahoo!\Messenger\res_msgr.dll]  [Yahoo! Inc., 8,5,0,1]
[PID: 3372 / Administrator][C:\Program Files\Internet Download Manager\IEMonitor.exe]  [Tonec Inc., 5, 12, 8, 0]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\Program Files\Internet Download Manager\idmmkb.dll]  [Tonec Inc., 5, 15, 4, 0]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2040 / SYSTEM][C:\Program Files\PC Connectivity Solution\ServiceLayer.exe]  [Nokia., 7, 0, 124, 0]
    [C:\Program Files\PC Connectivity Solution\PCCS_DBEngine.dll]  [Nokia, 7, 0, 6, 0]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2100 / SYSTEM][C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe]  [Nokia, 7, 0, 15, 0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[PID: 1348 / SYSTEM][C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe]  [Nokia, 7, 0, 7, 0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[PID: 3160 / Administrator][C:\Program Files\Nimbuzz\Nimbuzz.exe]  [N/A, ]
    [C:\Program Files\Nimbuzz\QtXml4.dll]  [N/A, ]
    [C:\Program Files\Nimbuzz\QtCore4.dll]  [N/A, ]
    [C:\Program Files\Nimbuzz\QtGui4.dll]  [N/A, ]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\Program Files\Nimbuzz\QtNetwork4.dll]  [N/A, ]
    [C:\Program Files\Nimbuzz\QtSql4.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\Program Files\Nimbuzz\imageformats\qgif4.dll]  [N/A, ]
    [C:\Program Files\Nimbuzz\imageformats\qjpeg4.dll]  [N/A, ]
    [C:\Program Files\Nimbuzz\ssleay32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8i]
    [C:\Program Files\Nimbuzz\LIBEAY32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8i]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Internet Download Manager\idmmkb.dll]  [Tonec Inc., 5, 15, 4, 0]
[PID: 3296 / SYSTEM][C:\Program Files\MSN Messenger\usnsvc.exe]  [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 412 / Administrator][D:\Malwarebytes' Anti-Malware\mbam.exe]  [Malwarebytes Corporation, 1.39]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\WINDOWS\system32\vbame.dll]  [Microsoft Corporation, 2.2.5]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [D:\Malwarebytes' Anti-Malware\vbalsgrid6.ocx]  [vbAccelerator, 2.00.0040]
    [C:\WINDOWS\system32\shell32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Malwarebytes' Anti-Malware\ssubtmr6.dll]  [vbAccelerator, 1.01.0003]
    [D:\Malwarebytes' Anti-Malware\mbam.dll]  [Malwarebytes Corporation, 1, 4, 0, 0]
    [D:\Malwarebytes' Anti-Malware\zlib.dll]  [, 1.2.3.0]
    [C:\Program Files\Internet Download Manager\idmmkb.dll]  [Tonec Inc., 5, 15, 4, 0]
[PID: 2904 / Administrator][D:\البرامج 2\koko_monde\New Folder (2)\FaRiS\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.1.1261]
[PID: 3316 / Administrator][D:\البرامج 2\koko_monde\New Folder (2)\FaRiS\SRE74235ab9.EXE]  [Smallfrogs Studio, 2.7.1.1261]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]
    [C:\Program Files\Internet Download Manager\idmmkb.dll]  [Tonec Inc., 5, 15, 4, 0]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ntshrui.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1744 / Administrator][C:\Program Files\MSN\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.9.0.12]
    [C:\Program Files\MSN\Mozilla Firefox\xul.dll]  [Mozilla Foundation, 1.9.0.12]
    [C:\Program Files\MSN\Mozilla Firefox\sqlite3.dll]  [sqlite.org, 3.6.10]
    [C:\Program Files\MSN\Mozilla Firefox\MOZCRT19.dll]  [Mozilla Foundation, 8.00.0000]
    [C:\Program Files\MSN\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]
    [C:\Program Files\MSN\Mozilla Firefox\nspr4.dll]  [Mozilla Foundation, 4.7.5]
    [C:\Program Files\MSN\Mozilla Firefox\smime3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\MSN\Mozilla Firefox\nss3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\MSN\Mozilla Firefox\nssutil3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\MSN\Mozilla Firefox\plc4.dll]  [Mozilla Foundation, 4.7.5]
    [C:\Program Files\MSN\Mozilla Firefox\plds4.dll]  [Mozilla Foundation, 4.7.5]
    [C:\Program Files\MSN\Mozilla Firefox\ssl3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\Program Files\MSN\Mozilla Firefox\xpcom.dll]  [Mozilla Foundation, 1.9.0.12]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]
    [C:\Program Files\Internet Download Manager\idmmkb.dll]  [Tonec Inc., 5, 15, 4, 0]
    [C:\Program Files\MSN\Mozilla Firefox\components\browserdirprovider.dll]  [Mozilla Foundation, 1.9.0.12]
    [C:\Program Files\MSN\Mozilla Firefox\components\brwsrcmp.dll]  [Mozilla Foundation, 1.9.0.12]
    [C:\Documents and Settings\Administrator.PCV.000\Application Data\IDM\idmmzcc2\components\idmmzcc.dll]  [Tonec Inc., 5, 15, 6, 0]
    [D:\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll]  [Nokia, 9.00 (712)]
    [C:\Program Files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll]  [RealPlayer, 1.0.1.200]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\MSN\Mozilla Firefox\plugins\npnul32.dll]  [mozilla.org, 1, 0, 0, 15]
    [C:\Program Files\MSN\Mozilla Firefox\softokn3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\MSN\Mozilla Firefox\nssdbm3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\MSN\Mozilla Firefox\freebl3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\MSN\Mozilla Firefox\nssckbi.dll]  [Mozilla Foundation, 1.75]
    [C:\Program Files\MSN\Mozilla Firefox\plugins\NPAskSBr.dll]  [Ask.com, 1, 0, 0, 0]
[PID: 3092 / Administrator][C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\winiyrowc.exe]  [N/A, ]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
[PID: 3264 / Administrator][C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\qcdy.exe]  [N/A, ]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
[PID: 3776 / Administrator][C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\yhaevy.exe]  [N/A, ]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]
[PID: 816 / Administrator][C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\w59ac0.exe]  [N/A, ]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
NOD32 protected [IDM_LAYERED_MSAFD Tcpip [TCP/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [IDM_LAYERED_MSAFD Tcpip [UDP/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [IDM_LAYERED_MSAFD Tcpip [RAW/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [IDM_LAYERED_RSVP UDP Service Provider]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [IDM_LAYERED_RSVP TCP Service Provider]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
IDM_LAYERED_MSAFD Tcpip [TCP/IP]
    C:\WINDOWS\system32\idmmbc.dll(Tonec Inc., Internet Download Manager LSP dll)
IDM_LAYERED_MSAFD Tcpip [UDP/IP]
    C:\WINDOWS\system32\idmmbc.dll(Tonec Inc., Internet Download Manager LSP dll)
IDM_LAYERED_MSAFD Tcpip [RAW/IP]
    C:\WINDOWS\system32\idmmbc.dll(Tonec Inc., Internet Download Manager LSP dll)
IDM_LAYERED_RSVP UDP Service Provider
    C:\WINDOWS\system32\idmmbc.dll(Tonec Inc., Internet Download Manager LSP dll)
IDM_LAYERED_RSVP TCP Service Provider
    C:\WINDOWS\system32\idmmbc.dll(Tonec Inc., Internet Download Manager LSP dll)
IDM_LP
    C:\WINDOWS\system32\idmmbc.dll(Tonec Inc., Internet Download Manager LSP dll)
NOD32
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1       localhost
127.0.0.1   www.winantivirus.com
127.0.0.1   winantivirus.com

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1736, C:\WINDOWS\EXPLORER.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 452, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 776, C:\PROGRAM FILES\ABADISOFT\AVC 4.0\ABADISOFTCLEANVIRUS.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 796, C:\WINDOWS\VSNPSTD3.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 904, C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1300, C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMAN.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1560, D:\NOKIA PC SUITE 7\PCSUITE.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3108, C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2100, C:\PROGRAM FILES\PC CONNECTIVITY SOLUTION\TRANSPORTS\NCLUSBSRV.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3160, C:\PROGRAM FILES\NIMBUZZ\NIMBUZZ.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3336, C:\WINDOWS\SYSTEM32\NOTEPAD.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2904, D:\البرامج 2\KOKO_MONDE\NEW FOLDER (2)\FARIS\SRENGLDR.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3092, C:\DOCUME~1\ADMINI~1.000\LOCALS~1\TEMP\WINIYROWC.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3264, C:\DOCUME~1\ADMINI~1.000\LOCALS~1\TEMP\QCDY.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3776, C:\DOCUME~1\ADMINI~1.000\LOCALS~1\TEMP\YHAEVY.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 816, C:\DOCUME~1\ADMINI~1.000\LOCALS~1\TEMP\W59AC0.EXE]

==================================
Scheduled Tasks
N/A

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================
 
Thanks, brother Al-Baron, but could I know which files open Task Manager?
 

C:\WINDOWS\system32

As for this file, forget about anyone uploading it for you, because its size is 1 gigabyte.


ntvdm.exe

cleanmgr.exe

These two, and don't forget to put them in the C:\WINDOWS\system32 folder.

Al-Baron nailed it .. may God reward you well :king::ok:

Brother, I'm downloading the Kaspersky tool now, and this is a report from the SREngLdr tool

Code:
2009-07-25,11:59:06

System Repair Engineer 2.7.1.1261
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Running Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan
    Scheduled Tasks
    API HOOK
    Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <msnmsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [Microsoft Corporation]
    <Skype><"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized>  [Skype Technologies S.A.]
    <IDMan><C:\Program Files\Internet Download Manager\IDMan.exe /onboot>  [Tonec Inc.]
    <Yahoo! Pager><"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet>  [Yahoo! Inc.]
    <PC Suite Tray><"D:\Nokia PC Suite 7\PCSuite.exe" -onlytray>  [Nokia]
    <Nimbuzz><"C:\Program Files\Nimbuzz\Nimbuzz.exe" minimized>  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SystemInit><>  [N/A]
    <Karen><>  [N/A]
    <raVe><>  [N/A]
    <SystemBackup><>  [N/A]
    <Win32BaseServiceMOD><>  [N/A]
    <startIE><>  [N/A]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <avast!><D:\avast\ashDisp.exe>  [(Verified)ALWIL Software]
    <DShutdown><"C:\Program Files\Vortex Tools\Classes\vortex\RDShutdown\DShutdown.exe" /SAVEONEXIT /IP:LocalHost>  [ND]
    <viruscleaner><"C:\Program Files\Abadisoft\Avc 4.0\AbadisoftCleanVirus.exe" h>  [File is missing]
    <snpstd3><C:\WINDOWS\vsnpstd3.exe>  []
    <nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE>  [Eset ]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <Driver32><>  [N/A]
    <hagent><C:\WINDOWS\system32\avp.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [Microsoft Corporation]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [Microsoft Corporation]
    <WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows]

==================================
Startup Folders
N/A

==================================
Services
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINDOWS\System32\dmadmin.exe /com><Microsoft Corp., Veritas Software>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Windows Installer / MSIServer][Stopped/Manual Start]
  <C:\WINDOWS\system32\msiexec.exe /V><Microsoft Corporation>
[ServiceLayer / ServiceLayer][Running/Manual Start]
  <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><Nokia.>
[خدمة قارئ مجلة USN بمجلدات مشاركة Messenger / usnjsvc][Running/Manual Start]
  <"C:\Program Files\MSN Messenger\usnsvc.exe"><Microsoft Corporation>

==================================
Drivers
[abp470n5 / abp470n5][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\enpjjl.sys><N/A>
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[AMON / AMON][Running/Auto Start]
  <\SystemRoot\system32\drivers\amon.sys><Eset>
[aswFsBlk / aswFsBlk][Running/Auto Start]
  <system32\DRIVERS\aswFsBlk.sys><ALWIL Software>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><Microsoft Corp., Veritas Software>
[Intel(R) PRO/1000 Network Connection Driver / E1000][Running/Manual Start]
  <system32\DRIVERS\e1000325.sys><Intel Corporation>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Nokia USB Phone Parent / nmwcd][Stopped/Manual Start]
  <system32\drivers\ccdcmb.sys><Nokia>
[Nokia USB Generic / nmwcdc][Stopped/Manual Start]
  <system32\drivers\ccdcmbo.sys><Nokia>
[Nokia USB Flashing Phone Parent / nmwcdnsu][Stopped/Manual Start]
  <system32\drivers\nmwcdnsu.sys><Nokia>
[Nokia USB Flashing Generic / nmwcdnsuc][Stopped/Manual Start]
  <system32\drivers\nmwcdnsuc.sys><Nokia>
[nod32drv / nod32drv][Running/System Start]
  <\SystemRoot\system32\drivers\nod32drv.sys><N/A>
[PCCS Mode Change Filter Driver / pccsmcfd][Stopped/Manual Start]
  <system32\DRIVERS\pccsmcfd.sys><Nokia>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Running/Auto Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[USB PC Camera (SNPSTD3) / SNPSTD3][Stopped/Manual Start]
  <system32\DRIVERS\snpstd3.sys><>
[upperdev / upperdev][Stopped/Manual Start]
  <system32\DRIVERS\usbser_lowerflt.sys><Nokia>
[UsbserFilt / UsbserFilt][Stopped/Manual Start]
  <system32\DRIVERS\usbser_lowerfltj.sys><Nokia>
[windrvNT / windrvNT][Running/Auto Start]
  <\??\C:\WINDOWS\system32\windrvNT.sys><N/A>
[MBAMSwissArmy / MBAMSwissArmy][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys><Malwarebytes Corporation>

==================================
Browser Add-ons
[IDMIEHlprObj Class]
  {0055C089-8582-441B-A0BF-17B458C2A3A8} <C:\Program Files\Internet Download Manager\IDMIECC.dll, (Signed) Tonec Inc.>
[Skype add-on (mastermind)]
  {22BF413B-C6D2-4d91-82A9-A0F997BA588C} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, (Signed) Skype Technologies S.A.>
[RealPlayer Download and Record Plugin for Internet Explorer]
  {3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, (Signed) RealPlayer>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[Skype add-on (button)]
  {77BF5300-1474-4EC7-9980-D32B190E9B07} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, (Signed) Skype Technologies S.A.>
[Java Plug-in 1.6.0_02]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
  {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll, (Signed) Sun Microsystems, Inc.>
[IDMIEHlprObj Class]
  {0055C089-8582-441B-A0BF-17B458C2A3A8} <C:\Program Files\Internet Download Manager\IDMIECC.dll, (Signed) Tonec Inc.>
[]
  {038CB5C7-48EA-4AF9-94E0-A1646542E62B} <, >
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[InformationCardSigninHelper Class]
  {19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, (Signed) Microsoft Corporation>
[Skype add-on (mastermind)]
  {22BF413B-C6D2-4D91-82A9-A0F997BA588C} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, (Signed) Skype Technologies S.A.>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, (Signed) >
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[RealPlayer RAM Download Handler]
  {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[RealPlayer Download and Record Plugin for Internet Explorer]
  {3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, (Signed) RealPlayer>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <, >
[]
  {53707962-6F74-2D53-2644-206D7942484F} <, >
[isInstalled Class]
  {5852F5ED-8BF4-11D4-A245-0080C6F74284} <C:\Program Files\Java\jre1.6.0_02\bin\wsdetect.dll, Sun Microsystems, Inc.>
[]
  {6924091F-CD97-41E1-B1D4-D9079409D413} <, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Skype add-on (button)]
  {77BF5300-1474-4EC7-9980-D32B190E9B07} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, (Signed) Skype Technologies S.A.>
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[XML DOM Document 6.0]
  {88D96A05-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[]
  {9701758C-4373-482E-B13C-776C048EC890} <, >
[]
  {9EFF1953-9694-47B1-AEF6-B2A3FE8BFE9B} <, >
[]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <, >
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[]
  {B69003B3-C55E-4B48-836C-BC5946FC3B28} <, >
[]
  {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} <, >
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[Windows Live Sign-in Control]
  {D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[]
  {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <, >
[]
  {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, (Signed) Microsoft Corporation>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <, >
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP 3.0]
  {F5078F35-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[تحميل الكل بواسطة Internet Download Manager]
  <C:\Program Files\Internet Download Manager\IEGetAll.htm, N/A>
[تحميل بواسطة Internet Download Manager]
  <C:\Program Files\Internet Download Manager\IEExt.htm, N/A>
[تحميل محتوى FLV بواسطة Internet Download Manager]
  <C:\Program Files\Internet Download Manager\IEGetVL.htm, N/A>

==================================
Running Processes
[PID: 576 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 640 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\winsrv.dll]  [Microsoft Corporation, 5.1.2600.3103 (xpsp_sp2_qfe.070316-1308)]
[PID: 664 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\MSGINA.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 716 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 728 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]
[PID: 884 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 952 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]
[PID: 1080 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\System32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]
    [C:\WINDOWS\System32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\netshell.dll]  [Microsoft Corporation, 5.1.2600.2979 (xpsp.060822-0009)]
    [c:\windows\system32\credui.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\RASDLG.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1116 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[PID: 1240 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]
[PID: 1412 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]
[PID: 1640 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp.050610-1527)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1736 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\themeui.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\netshell.dll]  [Microsoft Corporation, 5.1.2600.2979 (xpsp.060822-0009)]
    [C:\WINDOWS\system32\credui.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ntshrui.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\stobject.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll]  [Nero AG, 2, 0, 0, 8]
    [C:\Program Files\Common Files\Ahead\Lib\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.4020]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4020]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4020]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4020]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.4020]
    [C:\Program Files\Internet Download Manager\idmmkb.dll]  [Tonec Inc., 5, 15, 4, 0]
    [D:\Malwarebytes' Anti-Malware\mbamext.dll]  [Malwarebytes Corporation, 1, 2, 0, 0]
    [C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll]  [Nero AG, 2, 6, 6, 0]
    [C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Eset\nodshex.dll]  [N/A, ]
    [C:\Program Files\Internet Download Manager\IDMIECC.dll]  [Tonec Inc., 5, 15, 6, 0]
[PID: 128 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 452 / Administrator][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.1.137]
    [C:\WINDOWS\system32\shell32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 776 / Administrator][C:\Program Files\Abadisoft\Avc 4.0\AbadisoftCleanVirus.exe]  [Abadisoft, 1.00]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\WINDOWS\system32\vbame.dll]  [Microsoft Corporation, 2.2.5]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 796 / Administrator][C:\WINDOWS\vsnpstd3.exe]  [, 1, 0, 2, 2]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[PID: 904 / Administrator][C:\Program Files\MSN Messenger\MsnMsgr.Exe]  [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\Program Files\MSN Messenger\MSIMG32.dll]  [Patchou, 4, 23, 0, 276]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll]  [Patchou, 4, 23, 0, 276]
    [C:\Program Files\Messenger Plus! Live\Detoured.dll]  [N/A, ]
    [C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll]  [Patchou, 4, 23, 0, 276]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\devenum.dll]  [, ]
    [C:\WINDOWS\system32\quartz.dll]  [, ]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]
    [C:\Program Files\Internet Download Manager\idmmkb.dll]  [Tonec Inc., 5, 15, 4, 0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\netshell.dll]  [Microsoft Corporation, 5.1.2600.2979 (xpsp.060822-0009)]
    [C:\WINDOWS\system32\credui.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ntshrui.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1300 / Administrator][C:\Program Files\Internet Download Manager\IDMan.exe]  [Tonec Inc., 5.15.6.0]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]
    [C:\Program Files\Internet Download Manager\idmmkb.dll]  [Tonec Inc., 5, 15, 4, 0]
    [C:\WINDOWS\system32\ntshrui.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
[PID: 1560 / Administrator][D:\Nokia PC Suite 7\PCSuite.exe]  [Nokia, 7, 1, 39, 0]
    [D:\Nokia PC Suite 7\QtCore4.dll]  [N/A, ]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [D:\Nokia PC Suite 7\QtGui4.dll]  [N/A, ]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [D:\Nokia PC Suite 7\QtXml4.dll]  [N/A, ]
    [D:\Nokia PC Suite 7\CDC.dll]  [Nokia, 7, 1, 5, 0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [D:\Nokia PC Suite 7\PCSL.dll]  [Nokia, 7, 0, 12, 0]
    [C:\Program Files\PC Connectivity Solution\ConnAPI.dll]  [Nokia., 7, 0, 126, 0]
    [C:\Program Files\PC Connectivity Solution\DAAPI.dll]  [Nokia, 7, 0, 155, 0]
    [C:\Program Files\PC Connectivity Solution\PCCS_ABAPI.dll]  [Nokia, 7, 0, 19, 0]
    [D:\Nokia PC Suite 7\styles\NGLStyle.dll]  [Nokia, 7, 1, 15, 0]
    [D:\Nokia PC Suite 7\imageformats\qjpeg4.dll]  [N/A, ]
    [D:\Nokia PC Suite 7\imageformats\qsvg4.dll]  [N/A, ]
    [D:\Nokia PC Suite 7\QtSvg4.dll]  [N/A, ]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\PC Connectivity Solution\ConfServer.dll]  [Nokia, 7, 0, 43, 0]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]
    [D:\Nokia PC Suite 7\libeay32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8g]
[PID: 3108 / Administrator][C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe]  [Yahoo! Inc., 8,1,0,0]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\Program Files\Yahoo!\Messenger\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Yahoo!\Messenger\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\Program Files\Yahoo!\Shared\YbSkin2.dll]  [Yahoo! Inc., 2006, 10, 11, 1]
    [C:\Program Files\Yahoo!\Messenger\res_msgr.dll]  [Yahoo! Inc., 8,5,0,1]
[PID: 3372 / Administrator][C:\Program Files\Internet Download Manager\IEMonitor.exe]  [Tonec Inc., 5, 12, 8, 0]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\Program Files\Internet Download Manager\idmmkb.dll]  [Tonec Inc., 5, 15, 4, 0]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2040 / SYSTEM][C:\Program Files\PC Connectivity Solution\ServiceLayer.exe]  [Nokia., 7, 0, 124, 0]
    [C:\Program Files\PC Connectivity Solution\PCCS_DBEngine.dll]  [Nokia, 7, 0, 6, 0]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2100 / SYSTEM][C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe]  [Nokia, 7, 0, 15, 0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[PID: 1348 / SYSTEM][C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe]  [Nokia, 7, 0, 7, 0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[PID: 3160 / Administrator][C:\Program Files\Nimbuzz\Nimbuzz.exe]  [N/A, ]
    [C:\Program Files\Nimbuzz\QtXml4.dll]  [N/A, ]
    [C:\Program Files\Nimbuzz\QtCore4.dll]  [N/A, ]
    [C:\Program Files\Nimbuzz\QtGui4.dll]  [N/A, ]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\Program Files\Nimbuzz\QtNetwork4.dll]  [N/A, ]
    [C:\Program Files\Nimbuzz\QtSql4.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\Program Files\Nimbuzz\imageformats\qgif4.dll]  [N/A, ]
    [C:\Program Files\Nimbuzz\imageformats\qjpeg4.dll]  [N/A, ]
    [C:\Program Files\Nimbuzz\ssleay32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8i]
    [C:\Program Files\Nimbuzz\LIBEAY32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8i]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Internet Download Manager\idmmkb.dll]  [Tonec Inc., 5, 15, 4, 0]
[PID: 3296 / SYSTEM][C:\Program Files\MSN Messenger\usnsvc.exe]  [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 412 / Administrator][D:\Malwarebytes' Anti-Malware\mbam.exe]  [Malwarebytes Corporation, 1.39]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\WINDOWS\system32\vbame.dll]  [Microsoft Corporation, 2.2.5]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [D:\Malwarebytes' Anti-Malware\vbalsgrid6.ocx]  [vbAccelerator, 2.00.0040]
    [C:\WINDOWS\system32\shell32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Malwarebytes' Anti-Malware\ssubtmr6.dll]  [vbAccelerator, 1.01.0003]
    [D:\Malwarebytes' Anti-Malware\mbam.dll]  [Malwarebytes Corporation, 1, 4, 0, 0]
    [D:\Malwarebytes' Anti-Malware\zlib.dll]  [, 1.2.3.0]
    [C:\Program Files\Internet Download Manager\idmmkb.dll]  [Tonec Inc., 5, 15, 4, 0]
[PID: 2904 / Administrator][D:\البرامج 2\koko_monde\New Folder (2)\FaRiS\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.1.1261]
[PID: 3316 / Administrator][D:\البرامج 2\koko_monde\New Folder (2)\FaRiS\SRE74235ab9.EXE]  [Smallfrogs Studio, 2.7.1.1261]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]
    [C:\Program Files\Internet Download Manager\idmmkb.dll]  [Tonec Inc., 5, 15, 4, 0]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ntshrui.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1744 / Administrator][C:\Program Files\MSN\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.9.0.12]
    [C:\Program Files\MSN\Mozilla Firefox\xul.dll]  [Mozilla Foundation, 1.9.0.12]
    [C:\Program Files\MSN\Mozilla Firefox\sqlite3.dll]  [sqlite.org, 3.6.10]
    [C:\Program Files\MSN\Mozilla Firefox\MOZCRT19.dll]  [Mozilla Foundation, 8.00.0000]
    [C:\Program Files\MSN\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]
    [C:\Program Files\MSN\Mozilla Firefox\nspr4.dll]  [Mozilla Foundation, 4.7.5]
    [C:\Program Files\MSN\Mozilla Firefox\smime3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\MSN\Mozilla Firefox\nss3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\MSN\Mozilla Firefox\nssutil3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\MSN\Mozilla Firefox\plc4.dll]  [Mozilla Foundation, 4.7.5]
    [C:\Program Files\MSN\Mozilla Firefox\plds4.dll]  [Mozilla Foundation, 4.7.5]
    [C:\Program Files\MSN\Mozilla Firefox\ssl3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\Program Files\MSN\Mozilla Firefox\xpcom.dll]  [Mozilla Foundation, 1.9.0.12]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]
    [C:\Program Files\Internet Download Manager\idmmkb.dll]  [Tonec Inc., 5, 15, 4, 0]
    [C:\Program Files\MSN\Mozilla Firefox\components\browserdirprovider.dll]  [Mozilla Foundation, 1.9.0.12]
    [C:\Program Files\MSN\Mozilla Firefox\components\brwsrcmp.dll]  [Mozilla Foundation, 1.9.0.12]
    [C:\Documents and Settings\Administrator.PCV.000\Application Data\IDM\idmmzcc2\components\idmmzcc.dll]  [Tonec Inc., 5, 15, 6, 0]
    [D:\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll]  [Nokia, 9.00 (712)]
    [C:\Program Files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll]  [RealPlayer, 1.0.1.200]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\MSN\Mozilla Firefox\plugins\npnul32.dll]  [mozilla.org, 1, 0, 0, 15]
    [C:\Program Files\MSN\Mozilla Firefox\softokn3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\MSN\Mozilla Firefox\nssdbm3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\MSN\Mozilla Firefox\freebl3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\MSN\Mozilla Firefox\nssckbi.dll]  [Mozilla Foundation, 1.75]
    [C:\Program Files\MSN\Mozilla Firefox\plugins\NPAskSBr.dll]  [Ask.com, 1, 0, 0, 0]
[PID: 3092 / Administrator][C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\winiyrowc.exe]  [N/A, ]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
[PID: 3264 / Administrator][C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\qcdy.exe]  [N/A, ]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
[PID: 3776 / Administrator][C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\yhaevy.exe]  [N/A, ]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]
[PID: 816 / Administrator][C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\w59ac0.exe]  [N/A, ]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\system32\idmmbc.dll]  [Tonec Inc., 5, 15, 6, 0]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
NOD32 protected [IDM_LAYERED_MSAFD Tcpip [TCP/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [IDM_LAYERED_MSAFD Tcpip [UDP/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [IDM_LAYERED_MSAFD Tcpip [RAW/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [IDM_LAYERED_RSVP UDP Service Provider]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [IDM_LAYERED_RSVP TCP Service Provider]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
IDM_LAYERED_MSAFD Tcpip [TCP/IP]
    C:\WINDOWS\system32\idmmbc.dll(Tonec Inc., Internet Download Manager LSP dll)
IDM_LAYERED_MSAFD Tcpip [UDP/IP]
    C:\WINDOWS\system32\idmmbc.dll(Tonec Inc., Internet Download Manager LSP dll)
IDM_LAYERED_MSAFD Tcpip [RAW/IP]
    C:\WINDOWS\system32\idmmbc.dll(Tonec Inc., Internet Download Manager LSP dll)
IDM_LAYERED_RSVP UDP Service Provider
    C:\WINDOWS\system32\idmmbc.dll(Tonec Inc., Internet Download Manager LSP dll)
IDM_LAYERED_RSVP TCP Service Provider
    C:\WINDOWS\system32\idmmbc.dll(Tonec Inc., Internet Download Manager LSP dll)
IDM_LP
    C:\WINDOWS\system32\idmmbc.dll(Tonec Inc., Internet Download Manager LSP dll)
NOD32
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1       localhost
127.0.0.1   www.winantivirus.com
127.0.0.1   winantivirus.com

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1736, C:\WINDOWS\EXPLORER.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 452, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 776, C:\PROGRAM FILES\ABADISOFT\AVC 4.0\ABADISOFTCLEANVIRUS.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 796, C:\WINDOWS\VSNPSTD3.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 904, C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1300, C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMAN.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1560, D:\NOKIA PC SUITE 7\PCSUITE.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3108, C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2100, C:\PROGRAM FILES\PC CONNECTIVITY SOLUTION\TRANSPORTS\NCLUSBSRV.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3160, C:\PROGRAM FILES\NIMBUZZ\NIMBUZZ.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3336, C:\WINDOWS\SYSTEM32\NOTEPAD.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2904, D:\البرامج 2\KOKO_MONDE\NEW FOLDER (2)\FARIS\SRENGLDR.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3092, C:\DOCUME~1\ADMINI~1.000\LOCALS~1\TEMP\WINIYROWC.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3264, C:\DOCUME~1\ADMINI~1.000\LOCALS~1\TEMP\QCDY.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3776, C:\DOCUME~1\ADMINI~1.000\LOCALS~1\TEMP\YHAEVY.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 816, C:\DOCUME~1\ADMINI~1.000\LOCALS~1\TEMP\W59AC0.EXE]

==================================
Scheduled Tasks
N/A

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================

And I am waiting for the Kaspersky report, God willing.
 
My dear friend, in the HijackThis program, fix these two entries:

O4 - HKLM\..\RunServices: [hagent] C:\WINDOWS\system32\avp.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =



Then download this tool


Close all browsers and all running programs, and do not do anything during the scan. Wait until the scan finishes, then upload the report here; you will find it at the following path: C:\ComboFix.txt
 
Brother, how do I fix the two entries? Do you mean delete them, and are you sure they have to be deleted?
 
You are right, Al-Baron, and you are one of the people I trust most. I will follow your advice.
 
Brother Demo Dash, Kaspersky has detected a number of items and it is now at 7%. When it finishes I will attach the report.
 
It showed: detected: new threat Hidden.Object (modification) File: C:\sccfg.sys and it refuses to delete it. What is the reason?

 
This is the report; it is at 39% after 1 hour has passed, but it has not finished.




 

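Your machine is infected with the Sality virus, one of the most dangerous viruses.

As for the virus that was not deleted, it will be deleted or cleaned after a restart.

Brother, repeat the scan until it completes 100%.

This virus spreads very quickly on the machine and infects exe and dll files, and it is as if we had done nothing.

You need to run a second scan, my dear brother.

If the Kaspersky tool stops or hangs after several attempts, let us know so that we can give you other tools.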
 
Brother, but the Kaspersky tool takes a very long time; so far it has not finished scanning after 1 hour and 10 minutes.
 