-
تصميم Ramy Badraan
برنامج الحماية الشاملة AVG Internet Security أحدث اصدار نسخة مفعلة مسبقا لغاية سنة 2031 وتنصيب صامت تصميم Ramy Badraan
WinRAR - أداة متكاملة لتحميل وتثبيت وتفعيل WinRAR7.11 اخر اصدار تلقائيًا وبثلاث لغات) تصميم Ramy Badraan
متصفح القوة والسرعة Google Chrome 116.0.5845.97 Stable تصميم Ramy Badraan
الأسطوانة العربية** Ar Windows 10-11 (2019-2021-2024) IoT Enterprise LTSC (x64) Update April 2025 تصميم Ramy Badraan
Windows Video Converter 2025 v9.9.9.17 برنامج تحويل وتحرير الفيديو الكل في واحد تصميم Ramy Badraan
27.00.0300 XYplorer Pro لإدارة الملفات والمجلدات والبحث عنها بسرعة تصميم Ramy Badraan
ويندوز 11 اندكس برو -عربي إنكليزي فرنسي من غير متطلبات ومفعلWindows11PRO_24H2(Ar-En-Fr)26100.3909-Activ_NO TPM تصميم Ramy Badraan
Foxit PDF Editor 2025 .1.0.27937 تصميم Ramy Badraan
CoolUtils Total Doc Converter 5.1.0.364 Repack & Portable لتحويل الملفات الكتابية إلى عدة صيغ تصميم Ramy Badraan
Cisdem Video Compressor 2.2.0 برنامج لضغط الفيديوهات مع المحافظة على الجودة قدر الإمكان - مع التفعيل تصميم Ramy Badraan
تعال سجل Internet Download Manager باسمك -تفعيل تحديث مع IDM Activation Assistant v1.0 تصميم Ramy Badraan
PDF-XChange Editor Plus+PRO v10.6.0.396 تصميم Ramy Badraan
Office 2013-2024 C2R Install + Lite v7.7.7.7 r26 | Install Office and Activate لتحميل وتفعيل الأوفيس تصميم Ramy Badraan
برنامج الحماية الرهيب Webroot Secure Anywhere CE 25.2 والتفعيل بسيريال لمدة 700 يوم تصميم Ramy Badraan
العملاق الأندونيسي Smadav Pro 2025 v15.4 كامل ومحدث مع التفعيل الحصري تصميم Ramy Badraan
Zyzoom Driver Booster Tool - عملاق جلب التعريفات Iobit Driver Booster فى اصداره النهائى مفعل - تنصيب صامت) تصميم Ramy Badraan
Zyzoom Process Lasso Tool - Wise Care 365 Pro 7.2.4.697 RePack & Portable البرنامج الشامل للصيانة وإصلاح النظام) تصميم Ramy Badraan
TechsmithSnagit 25.1.0.6239 x64 Silent Install عملاق تصوير الشاشة وعمل الشروحات تصميم Ramy Badraan
Glary Utilities Pro 6.24.0.28 RePack & Portable لصيانة النظام وتنظيفه من الملفات التالفة تصميم Ramy Badraan
Zyzoom Process Lasso Tool - عملاق تسريع المعالج وتنظيم العمليات فى اصداره الاخير - تنصيب صامت) 
- بادئ الموضوع nijmawy
- تاريخ البدء
عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب
يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمةتوقيع : algnral
تأييد 0
MAAX
عضوشرف
غير متصلحمل هذا البرنامج
يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
بعدها اغلق جميع البرامج وخصوصا الانترنت اكسبلورر والماسنجر
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادمالتعديل الأخير بواسطة المشرف:تأييد 0ComboFix 09-12-04.05 - Nijmawy 12/05/2009 19:00.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1256.961.1033.18.767.492 [GMT 2:00]
Running from: c:\documents and settings\Nijmawy\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Nijmawy\LOCALS~1\Temp\E_N4
c:\docume~1\Nijmawy\LOCALS~1\Temp\E_N4\cnvpe.fne
c:\docume~1\Nijmawy\LOCALS~1\Temp\E_N4\dp1.fne
c:\docume~1\Nijmawy\LOCALS~1\Temp\E_N4\eAPI.fne
c:\docume~1\Nijmawy\LOCALS~1\Temp\E_N4\HtmlView.fne
c:\docume~1\Nijmawy\LOCALS~1\Temp\E_N4\internet.fne
c:\docume~1\Nijmawy\LOCALS~1\Temp\E_N4\krnln.fnr
c:\docume~1\Nijmawy\LOCALS~1\Temp\E_N4\shell.fne
c:\docume~1\Nijmawy\LOCALS~1\Temp\E_N4\spec.fne
c:\documents and settings\Nijmawy\Application Data\addons.dat
c:\windows\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH
c:\windows\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH \Kcast.lnk
D:\resycled
E:\resycled
F:\resycled
G:\resycled
g:\resycled\boot.com
G:\wjlfhtfm.cmd
Infected copy of c:\windows\system32\midimap.dll was found and disinfected
Restored copy from - c:\windows\NiwradSoft Shell Pack\Backup\midimap.dll
.
((((((((((((((((((((((((( Files Created from 2009-11-05 to 2009-12-05 )))))))))))))))))))))))))))))))
.
2009-12-04 17:38 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 17:38 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-04 17:38 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-04 17:38 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-04 17:38 . 2009-12-04 17:38 -------- d-----w- c:\program files\Avira
2009-12-04 17:38 . 2009-12-04 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-12-03 19:30 . 2009-12-03 19:30 11264 ----a-w- c:\documents and settings\Nijmawy\Application Data\Thinstall\MP3Gain\40000012a00002i\winamp.exe
2009-12-03 19:29 . 2009-12-03 19:29 11264 ----a-w- c:\documents and settings\Nijmawy\Application Data\Thinstall\MP3Gain\40000040800003i\mp3gain.exe
2009-12-03 15:47 . 2009-12-03 15:47 8704 ----a-w- c:\documents and settings\Nijmawy\Application Data\Thinstall\Super DVD Creator 8.5\1000000500002i\regsvr32.exe
2009-12-01 19:54 . 2009-12-01 19:54 7680 ----a-w- c:\documents and settings\Nijmawy\Application Data\Thinstall\Flash Games 1.0\1000000b00002i\rundll32.exe
2009-12-01 19:37 . 2009-12-01 19:37 7680 ----a-w- c:\documents and settings\Nijmawy\Application Data\Thinstall\Flash Games 1.0\4000007d00002i\IEXPLORE.EXE
2009-11-29 20:58 . 2009-11-29 20:58 7168 ----a-w- c:\documents and settings\Nijmawy\Application Data\Thinstall\Total Video Converter 3.12 080330\100000017a00002i\explorer.exe
2009-11-29 20:15 . 2009-11-29 20:15 36352 ----a-w- c:\documents and settings\Nijmawy\Application Data\Thinstall\GOM Player\4000007d00002i\IEXPLORE.EXE
2009-11-29 20:14 . 2009-12-05 16:43 -------- d--h--w- c:\windows\system32\17B1A1
2009-11-29 20:14 . 2009-11-29 20:40 -------- d--h--w- c:\windows\system32\E0220B
2009-11-29 20:14 . 2009-11-29 20:14 -------- d--h--w- c:\windows\system32\6D0E53
2009-11-29 20:14 . 2009-11-29 20:14 -------- d--h--w- c:\windows\system32\9486A9
2009-11-29 19:48 . 2009-11-29 19:48 7680 ----a-w- c:\documents and settings\Nijmawy\Application Data\Thinstall\eBlom Internet Banking v6.0\300000008c100002i\EXCEL.EXE
2009-11-29 19:45 . 2009-11-29 19:45 7680 ----a-w- c:\documents and settings\Nijmawy\Application Data\Thinstall\eBlom Internet Banking v6.0\400000c00002i\GoogleToolbarNotifier.exe
2009-11-29 13:31 . 2009-11-29 13:32 -------- d-----w- c:\documents and settings\Nijmawy\Application Data\Media Player Classic
2009-11-29 13:19 . 2009-11-29 13:19 -------- d-----w- c:\program files\GlobFX
2009-11-29 09:45 . 2009-11-29 09:45 1150 ----a-r- c:\documents and settings\Nijmawy\Application Data\Microsoft\Installer\{F3DFED0B-07F2-41B4-BD5D-7937A554FC73}\_4ae13d6c.exe
2009-11-29 09:45 . 2009-11-29 09:45 -------- d-----w- c:\program files\ShellUploader
2009-11-29 08:54 . 2009-11-29 09:25 -------- d-----w- c:\program files\A1Click Ultra PC Cleaner
2009-11-29 08:22 . 2009-11-29 08:22 -------- d-----w- c:\windows\Performance
2009-11-29 08:22 . 2009-11-29 08:22 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-11-29 08:10 . 2009-11-29 08:22 -------- d-----w- c:\documents and settings\Nijmawy\Local Settings\Application Data\Microsoft Corporation
2009-11-28 23:47 . 2009-11-28 23:47 626688 ----a-w- c:\documents and settings\All Users\Application Data\Torrent2Exe\msvcr80.dll
2009-11-28 23:47 . 2009-11-28 23:47 548864 ----a-w- c:\documents and settings\All Users\Application Data\Torrent2Exe\msvcp80.dll
2009-11-28 23:47 . 2009-11-28 23:47 1757184 ----a-w- c:\documents and settings\All Users\Application Data\Torrent2Exe\fdmbtsupp.dll
2009-11-28 23:46 . 2009-11-28 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Torrent2Exe
2009-11-28 17:33 . 2009-11-28 17:33 -------- d-----w- c:\documents and settings\Nijmawy\Application Data\Topaz Moment
2009-11-28 12:53 . 2009-11-28 13:05 -------- d-----w- c:\documents and settings\Nijmawy\Local Settings\Application Data\PhotoJoy
2009-11-28 12:52 . 2009-11-28 12:52 -------- d-----w- c:\program files\PhotoJoy
2009-11-28 12:52 . 2009-11-28 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PhotoJoy
2009-11-28 12:41 . 2009-11-28 12:41 7680 ----a-w- c:\documents and settings\Nijmawy\Application Data\Thinstall\VeryPDF PDF2Word v3.0\30000000a3f00002i\WINWORD.EXE
2009-11-28 12:34 . 2009-11-28 12:34 -------- d-----w- c:\documents and settings\Nijmawy\Application Data\PixelPlanet
2009-11-27 17:05 . 2003-11-15 20:27 118872 ----a-w- c:\windows\system32\PXC25uis.dll
2009-11-27 17:05 . 2003-09-15 01:36 390656 ----a-w- c:\windows\system32\pdfxclib.dll
2009-11-27 17:05 . 2003-08-15 22:15 109568 ----a-w- c:\windows\system32\pdfxcpro.dll
2009-11-27 17:05 . 2003-08-15 22:12 144896 ----a-w- c:\windows\system32\xc_parse.dll
2009-11-27 17:05 . 2003-07-31 17:02 8704 ----a-w- c:\windows\system32\pdfxcds.dll
2009-11-27 17:05 . 2003-05-18 17:37 157184 ----a-w- c:\windows\system32\img_xchg.dll
2009-11-27 17:05 . 2003-04-13 23:08 185344 ----a-w- c:\windows\system32\Img_cdx.dll
2009-11-27 17:05 . 2003-02-05 19:06 45142 ----a-w- c:\windows\system32\PXC25s.dll
2009-11-27 17:05 . 2002-12-27 17:33 20569 ----a-w- c:\windows\system32\PXC25pm.dll
2009-11-27 17:04 . 2009-11-27 17:05 -------- d-----w- c:\program files\TTMessenger
2009-11-27 11:24 . 2009-11-27 11:24 -------- d-----w- c:\program files\Common Files\xing shared
2009-11-27 11:23 . 2009-11-27 11:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-27 11:22 . 2009-11-27 11:22 -------- d-----w- c:\program files\Google
2009-11-26 22:24 . 2009-11-26 22:24 -------- d-----w- c:\windows\system32\windows media
2009-11-26 22:23 . 2009-11-26 22:24 -------- d--h--w- c:\windows\msdownld.tmp
2009-11-26 22:23 . 2009-11-26 22:23 -------- d-----w- c:\program files\Windows Media Components
2009-11-26 22:23 . 2009-11-26 22:24 162816 ----a-w- c:\windows\system32\fmod.dll
2009-11-26 22:23 . 2009-11-26 22:23 -------- d-----w- c:\windows\system32\Server
2009-11-26 22:23 . 2009-11-26 22:23 200704 ----a-r- c:\documents and settings\Nijmawy\Application Data\Microsoft\Installer\{394B110D-0FC5-4606-97E0-533E3DAAA6DD}\qq.exe1_23B87F1C4C254DA3B14945516F9A79E6.exe
2009-11-26 22:23 . 2009-11-26 22:23 200704 ----a-r- c:\documents and settings\Nijmawy\Application Data\Microsoft\Installer\{394B110D-0FC5-4606-97E0-533E3DAAA6DD}\qq.exe_23B87F1C4C254DA3B14945516F9A79E6.exe
2009-11-26 22:23 . 2009-11-26 22:23 10134 ----a-r- c:\documents and settings\Nijmawy\Application Data\Microsoft\Installer\{394B110D-0FC5-4606-97E0-533E3DAAA6DD}\ARPPRODUCTICON.exe
2009-11-26 22:23 . 2009-11-26 22:26 -------- d-----w- c:\program files\MSN Webcam Recorder
2009-11-26 22:23 . 2009-11-28 11:24 -------- d-----w- c:\documents and settings\Nijmawy\Local Settings\Application Data\ApplicationHistory
2009-11-26 22:20 . 2009-11-26 22:20 -------- d-----w- c:\windows\system32\URTTEMP
2009-11-26 21:14 . 2009-12-03 19:23 -------- d-----w- c:\program files\Absolute Sound Recorder
2009-11-26 12:22 . 2009-11-26 12:22 -------- d--h--w- c:\windows\PIF
2009-11-24 16:45 . 2009-11-24 16:51 5865064 ----a-w- c:\documents and settings\All Users\Application Data\SweetIM\Messenger\update\sweetimsetup.exe
2009-11-24 06:58 . 2009-11-24 06:58 7680 ----a-w- c:\documents and settings\Nijmawy\Application Data\Thinstall\eBlom Internet Banking v6.0\4000007d00002i\IEXPLORE.EXE
2009-11-24 01:10 . 2009-08-29 08:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-11-24 01:10 . 2009-08-29 08:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-11-23 21:31 . 2009-11-23 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-11-23 21:11 . 2009-11-23 21:11 -------- d-----w- c:\program files\MetaTrader - Bellgain
2009-11-23 21:02 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-11-23 21:00 . 2009-11-23 21:00 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-23 20:56 . 2009-11-23 20:58 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-11-23 20:56 . 2009-11-23 20:56 -------- d-----w- c:\windows\system32\LogFiles
2009-11-23 20:53 . 2009-11-23 20:53 274432 ----a-w- c:\documents and settings\Nijmawy\Application Data\COOL TITLE BORE\Multi Mode Surf.exe
2009-11-23 20:53 . 2009-11-23 20:53 495616 ----a-w- c:\documents and settings\Nijmawy\Application Data\COOL TITLE BORE\AboutJugsAtomMess.exe
2009-11-23 20:52 . 2009-11-23 20:52 -------- d-----w- c:\documents and settings\Nijmawy\Application Data\Corel
2009-11-23 20:52 . 2009-11-23 20:56 -------- d-----w- c:\program files\Corel
2009-11-23 20:52 . 2009-12-05 17:11 710656 ----a-w- c:\documents and settings\All Users\Application Data\second setup dale vc\download long.exe
2009-11-23 20:52 . 2009-11-23 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\second setup dale vc
2009-11-23 20:52 . 2009-11-23 20:52 709120 ----a-w- c:\documents and settings\Nijmawy\Application Data\COOL TITLE BORE\nhyoptwo.exe
2009-11-23 20:51 . 2009-11-23 20:51 -------- d-----w- c:\program files\COOL TITLE BORE
2009-11-23 20:51 . 2009-11-23 20:51 429568 ----a-w- c:\documents and settings\Nijmawy\Application Data\COOL TITLE BORE\Itch Rect.exe
2009-11-23 20:51 . 2009-11-23 20:53 -------- d-----w- c:\documents and settings\Nijmawy\Application Data\COOL TITLE BORE
2009-11-23 20:50 . 2009-11-23 20:50 -------- d-----w- c:\program files\Crcle Developement
2009-11-23 20:50 . 2009-11-23 20:50 -------- d-----w- c:\program files\Messenger Plus! Live
2009-11-23 20:11 . 2009-11-23 21:09 -------- d-----w- c:\windows\Corel
2009-11-23 20:10 . 2009-11-23 20:10 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-23 20:10 . 2009-11-23 20:10 -------- d-----w- c:\windows\ShellNew
2009-11-23 20:06 . 2009-11-23 20:06 -------- d-----w- c:\documents and settings\Nijmawy\Application Data\NetMedia Providers
2009-11-23 20:06 . 2009-11-23 20:06 -------- d-----w- c:\program files\Sonic Foundry
2009-11-23 20:06 . 2001-10-19 12:40 1683792 ----a-w- c:\windows\system32\wmvcore2.dll
2009-11-23 20:06 . 2001-10-19 12:40 438608 ----a-w- c:\windows\system32\wmv8dmod.dll
2009-11-23 20:06 . 2001-10-19 12:40 665424 ----a-w- c:\windows\system32\wmv8dmoe.dll
2009-11-23 20:06 . 2001-10-19 12:39 572752 ----a-w- c:\windows\system32\wmvdmoe.dll
2009-11-23 20:05 . 2009-11-23 20:05 -------- d-----w- c:\program files\Sonic Foundry Setup
2009-11-23 20:02 . 2009-11-23 20:02 -------- d-----w- c:\program files\easyWebSave
2009-11-23 20:02 . 2009-11-23 20:02 -------- d-----w- c:\documents and settings\Nijmawy\Application Data\easyWebBase
2009-11-23 19:41 . 2009-11-23 19:41 -------- d-----w- C:\My PageManager
2009-11-23 19:40 . 2009-11-23 19:40 -------- d-----w- c:\windows\system32\COLOR
2009-11-23 19:40 . 1997-10-13 11:19 11776 ----a-w- c:\windows\system32\PMSBFN32.DLL
2009-11-23 19:40 . 1996-11-05 14:13 299008 ----a-w- c:\windows\uninst.exe
2009-11-23 19:40 . 2009-11-23 19:40 -------- d-----w- c:\documents and settings\Nijmawy\WINDOWS
2009-11-23 19:35 . 2009-11-23 19:35 -------- d-----w- c:\program files\VMware
2009-11-23 19:29 . 2009-11-23 19:29 7680 ----a-w- c:\documents and settings\Nijmawy\Application Data\Thinstall\Absolute Sound Recorder version 3.7.7\300000003400002i\dwwin.exe
2009-11-23 19:29 . 2009-11-23 19:29 7680 ----a-w- c:\documents and settings\Nijmawy\Application Data\Thinstall\Absolute Sound Recorder version 3.7.7\400000ed00002i\Absolute Sound Recorder.exe
2009-11-23 19:27 . 2009-11-23 19:27 8704 ----a-w- c:\documents and settings\Nijmawy\Application Data\Thinstall\Absolute Sound Recorder version 3.6.1\300000003400002i\dwwin.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-05 17:10 . 2009-06-11 17:37 -------- d-----w- c:\documents and settings\Nijmawy\Application Data\SolidDocuments
2009-12-05 16:54 . 2009-06-11 16:53 -------- d-----w- c:\documents and settings\Nijmawy\Application Data\DMCache
2009-12-04 17:49 . 2009-06-11 17:33 -------- d-----w- c:\documents and settings\Nijmawy\Application Data\Thinstall
2009-11-27 11:24 . 2009-06-12 20:56 -------- d-----w- c:\program files\Common Files\Real
2009-11-27 11:23 . 2009-06-11 19:39 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-27 11:23 . 2006-09-28 17:53 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-26 21:24 . 2009-06-14 17:22 -------- d-----w- c:\program files\Right Click Image Converter
2009-11-25 06:30 . 2009-06-11 16:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-24 16:56 . 2009-06-11 19:47 -------- d-----w- c:\program files\SweetIM
2009-11-23 22:47 . 2009-06-11 18:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-23 21:31 . 2009-06-11 17:28 105304 ----a-w- c:\documents and settings\Nijmawy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-23 19:53 . 2009-06-11 18:00 -------- d-----w- c:\program files\MSBuild
2009-11-23 19:53 . 2009-06-11 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-23 19:47 . 2009-06-11 19:38 -------- d-----w- c:\program files\MessengerDiscovery
2009-11-23 19:46 . 2009-06-11 18:51 -------- d-----w- c:\documents and settings\Nijmawy\Application Data\URSoft
2009-11-23 19:40 . 2009-06-14 18:08 -------- d-----w- c:\program files\Scanner
2009-09-11 14:18 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
.
------- Sigcheck -------
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 247DFD6CBC939742D3EC7B53C120946F . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-04-14 . 247DFD6CBC939742D3EC7B53C120946F . 643072 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . 894B313C52589628BB996E175B581E3A . 578048 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-14 . 894B313C52589628BB996E175B581E3A . 578048 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
[-] 2008-04-14 . DEDB237CA07F66F40C9BA321EF10E4A9 . 1540608 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 . DEDB237CA07F66F40C9BA321EF10E4A9 . 1540608 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . C1D50243355A290CB3AA684FD8B38170 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-14 . C1D50243355A290CB3AA684FD8B38170 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 14:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KITCO"="c:\program files\Kitco\Kcast\Kcast" [X]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Tool Sign"="c:\docume~1\Nijmawy\APPLIC~1\COOLTI~1\Itch Rect.exe" [2009-11-23 429568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-03-01 15872]
"Vistadrv"="c:\program files\VistaDrives\vsdrv.exe" [2006-07-30 121089]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe" [2006-07-10 1106421]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageWorkstation\TimounterMonitor.exe" [2006-07-10 1848150]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-07-10 126976]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SolidCapture"="c:\program files\SolidDocuments\SolidCapture\solidcapture.exe" [2003-11-10 1433600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe [2009-6-11 929870]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LoginPrompt"= 998B8282
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KYESCAN.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KYESCAN.lnk
backup=c:\windows\pss\KYESCAN.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TV Remote Control.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TV Remote Control.lnk
backup=c:\windows\pss\TV Remote Control.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Nijmawy^Start Menu^Programs^Startup^C8C76A.lnk]
path=c:\documents and settings\Nijmawy\Start Menu\Programs\Startup\C8C76A.lnk
backup=c:\windows\pss\C8C76A.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SolidCapture"=c:\program files\SolidDocuments\SolidCapture\solidcapture.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Acronis\\TrueImageWorkstation\\TrueImage.exe"=
"c:\\Program Files\\Corel\\Graphics10\\Register\\NAVBrowser.exe"=
"c:\\Program Files\\TTMessenger\\ttmessenger2.exe"=
"c:\\Program Files\\PhotoJoy\\Bin\\PjApp.exe"=
"c:\\Program Files\\PhotoJoy\\Bin\\PjImp.exe"=
"c:\\Program Files\\PhotoJoy\\Bin\\PhotoJoy.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/4/2009 7:38 PM 108289]
R2 LF30FS;LF30FS;c:\program files\Lock Folder XP 3.6\LF30XP.sys [11/19/2004 5:07 PM 101488]
R3 adiusbae;USB ADSL LAN Adapter;c:\windows\system32\drivers\adiusbae.sys [6/11/2009 5:56 PM 117785]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [6/11/2009 5:56 PM 414592]
S2 BulkUsb;Genius ColorPage USB Scanner;c:\windows\system32\drivers\usbscan.sys [6/14/2009 8:07 PM 15104]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A1CAF26E-52E0-D249-5C5C-C2D6D5210B1C}]
c:\windows\system32\Server\Server.exe s
.
Contents of the 'Scheduled Tasks' folder
2009-12-05 c:\windows\Tasks\A0AEFF8691B17DF6.job
- c:\docume~1\nijmawy\applic~1\coolti~1\Multi Mode Surf.exe [2009-11-23 20:53]
2009-12-05 c:\windows\Tasks\User_Feed_Synchronization-{EFA57747-2978-44F4-A469-0444433DEE4C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.lb/
IE: Download all links with IDM - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetAll.htm
IE: Download FLV video content with IDM - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm
IE: Download with IDM - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: easyWebSave - c:\program files\easyWebSave\bin\adonbie.dll/ieSSave.htm
TCP: {45F9CC6F-5C9B-4554-A853-36BAC6A9E46E} = 85.112.85.85 85.112.85.86
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-MsnMsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
AddRemove-RealPlayer 12.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
AddRemove-{6BF4613C-0A46-43AA-8FA8-0CB9F2C1A548} - c:\program files\InstallShield Installation Information\{6BF4613C-0A46-43AA-8FA8-0CB9F2C1A548}\setup.exe REMOVEALL
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-12-05 19:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):32,c2,14,cc,25,29,7c,fd,6a,43,da,d7,e5,38,7c,70,87,3b,02,48,76,
c8,83,a5,29,a6,d6,f8,33,b4,82,e4,f1,e0,48,79,ca,3a,3e,d1,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c571dae9-4d51-4c3f-b64c-46e255051b56}]
@Denied: (Full) (Everyone)
"Model"=dword:00000147
"Therad"=dword:00000002
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,f1,a3,a5,64,9b,9c,fc,43,f6,78,b8,05,22,0b,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(856)
c:\windows\system32\relog_ap.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll
- - - - - - - > 'explorer.exe'(2564)
c:\windows\system32\WININET.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\wscntfy.exe
c:\program files\Kitco\Kcast\Kcast.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2009-12-05 19:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-05 17:14
Pre-Run: 39,111,315,456 bytes free
Post-Run: 39,298,228,224 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 6214ED44204C3BE4E5B14141EF2F4AB9تأييد 0Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:20:11 PM, on 12/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\SolidDocuments\SolidCapture\solidcapture.exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
G:\Portable Programs\System\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMIECC.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\VistaDrives\vsdrv.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SolidCapture] C:\Program Files\SolidDocuments\SolidCapture\solidcapture.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [KITCO] C:\Program Files\Kitco\Kcast\Kcast
O4 - HKCU\..\Run: [Tool Sign] C:\DOCUME~1\Nijmawy\APPLIC~1\COOLTI~1\Itch Rect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: C8C76A.lnk = C:\WINDOWS\system32\17B1A1\C8C76A.EXE
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: Download all links with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: easyWebSave - res://C:\Program Files\easyWebSave\bin\adonbie.dll/ieSSave.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: easyWebSave - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\easyWebSave\bin\ezsvcfg.exe (HKCU)
O9 - Extra 'Tools' menuitem: easyWebSave - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\easyWebSave\bin\ezsvcfg.exe (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) -يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) -يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
O17 - HKLM\System\CCS\Services\Tcpip\..\{45F9CC6F-5C9B-4554-A853-36BAC6A9E46E}: NameServer = 85.112.85.85 85.112.85.86
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 1: (no name) -يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
--
End of file - 6928 bytesتأييد 0
MAAX
عضوشرف
غير متصلحمل الملف التالي
يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
وطبق عليه هذا الشرح
يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود
ثم نظف جهازك بهذه الاداة
يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي
وبلغنا اخر النتائجتأييد 0- الحالة
