View full version: SmitfraudFix tool _ for scanning and cleaning the machine of annoying ads (explained with pictures)


زيزوووم
04-12-2007, 05:44 PM
How are you all? I hope you are well.
The SmitfraudFix tool is the most powerful tool for cleaning the machine of adware, Internet Explorer start-page hijacking,
and desktop hijacking.
And these pictures show the symptoms of infection :noskjiuyweat:


http://www.zyzoom.net/zyzoom_absba/SmitfraudFix/pics/0000.png



http://www.zyzoom.net/zyzoom_absba/SmitfraudFix/pics/0003.png



http://www.zyzoom.net/zyzoom_absba/SmitfraudFix/pics/0002.png



http://www.zyzoom.net/zyzoom_absba/SmitfraudFix/pics/0001.png







And here is a ready-made reply :noskjiuyweat: in case a member has these same ads (just copy and paste :tongue:)

(Important note)
If the cleaning does not succeed, it is best to use the tool in Windows safe mode

----------------------------------------------------------->

Look, my friend, download this tool
and follow the explanation below to clean your machine of these ads
and produce a report of the operation so you can attach it to your next reply.

Download link for the latest update of the tool
http://siri.urz.free.fr/Fix/SmitfraudFix.exe


How to use it:
Run the file SmitfraudFix.exe and follow the steps as shown in these pictures

http://www.zyzoom.net/zyzoom_absba/SmitfraudFix/pics/000.png




http://www.zyzoom.net/zyzoom_absba/SmitfraudFix/pics/001.png




http://www.zyzoom.net/zyzoom_absba/SmitfraudFix/pics/002.png




http://www.zyzoom.net/zyzoom_absba/SmitfraudFix/pics/003.png




http://www.zyzoom.net/zyzoom_absba/SmitfraudFix/pics/004.png




http://www.zyzoom.net/zyzoom_absba/SmitfraudFix/pics/005.png




<-----------------------------------------------------------

kaspersky
04-12-2007, 05:51 PM
May God give you good health a million times over

And may He have mercy on our parents, your parents, and all deceased Muslims

With warmest regards and appreciation

ابن الملوك
04-12-2007, 05:53 PM
May God light your path, sir

You really did not hold back, by God

God bless you and your effort

MAAX
04-12-2007, 05:54 PM
May God reward you well, have mercy on your parents, and grant you and them the gardens of eternity
A thousand thanks and greetings

sport
04-12-2007, 05:57 PM
Thank you, Mr. Zyzoom, for the wonderful effort

Onward

kaspersky
04-12-2007, 06:09 PM
This is my machine's report

SmitFraudFix v2.257
Scan done at 17:55:11.47, Tue 12/04/2007
Run from C:\Documents and Settings\Administrator\Application Data\IDM\DwnlData\Administrator\SmitfraudFix_1402\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
127.0.0.1 www.winantivirus.com
127.0.0.1 winantivirus.com

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Kaspersky Anti-Virus NDIS Miniport
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C6BE34DE-C299-482B-AA81-5B8E60C5A495}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C6BE34DE-C299-482B-AA81-5B8E60C5A495}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C6BE34DE-C299-482B-AA81-5B8E60C5A495}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

زيزوووم
04-12-2007, 06:12 PM
Love you all, each and every one :noskjiuyweat:

Welcome, a million welcomes
God bless you for honoring the thread with your presence

زيزوووم
04-12-2007, 06:17 PM
This is my machine's report



The report is clean, my dear friend :smile:

kaspersky
04-12-2007, 06:22 PM
May God give you good health ........ and thank you, my dear friend

With warmest regards and appreciation

زيزوووم
04-12-2007, 06:34 PM
Good health to you too, and thank you, you are very kind


All my regards and appreciation

F.Lampard
04-12-2007, 08:10 PM
A thousand thanks to you, my dear friend, and here is my report

SmitFraudFix v2.257
Scan done at 19:17:57.81, Tue 12/04/2007
Run from C:\Documents and Settings\Abdulaziz\My Documents\Downloads\Programs\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Generic Marvell Yukon Chipset based Ethernet Controller - Kaspersky Anti-Virus NDIS Miniport
DNS Server Search Order: 212.24.224.45
DNS Server Search Order: 212.24.224.35
HKLM\SYSTEM\CCS\Services\Tcpip\..\{21401E5A-45AC-41C1-822A-D222BF5615A9}: DhcpNameServer=212.24.224.45 212.24.224.35
HKLM\SYSTEM\CS1\Services\Tcpip\..\{21401E5A-45AC-41C1-822A-D222BF5615A9}: DhcpNameServer=212.24.224.45 212.24.224.35
HKLM\SYSTEM\CS2\Services\Tcpip\..\{21401E5A-45AC-41C1-822A-D222BF5615A9}: DhcpNameServer=212.24.224.45 212.24.224.35
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.24.224.45 212.24.224.35
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.24.224.45 212.24.224.35
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.24.224.45 212.24.224.35

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

زيزوووم
04-12-2007, 09:07 PM
A thousand thanks to you, my dear friend, and here is my report


Your report looks good, my friend :icofdren31:

aymantaiger
04-12-2007, 11:14 PM
Thank you, my dear friend

boob77
21-12-2007, 04:18 PM
A thousand thanks, my dear friend, God bless you

And allow me to use all your tools to solve members' problems on other forums, heh

With credit to you, of course, my dear friend

زيزوووم
21-12-2007, 04:25 PM
A warm welcome to you all ... and thank you, dear friends

My dear friends, your presence made me happy and honored me


Thank you for your kind replies ... and may God give you good health

زيزوووم
21-12-2007, 04:26 PM
A thousand thanks, my dear friend, God bless you

And allow me to use all your tools to solve members' problems on other forums, heh

With credit to you, of course, my dear friend
:noskjiuyweat::noskjiuyweat::noskjiuyweat::noskjiuyweat:

boob77
21-12-2007, 04:31 PM
:noskjiuyweat::noskjiuyweat::noskjiuyweat::noskjiuyweat:


So that means we go ahead, trusting in God :biggrin::biggrin::iconmju30:

May God grant you success :smile:

عاشق الريم
07-01-2008, 02:22 PM
And here is my machine's report, champ


SmitFraudFix v2.274
Scan done at 14:14:53.93, Mon 01/07/2008
Run from C:\Documents and Settings\ëں­©\«ل¥ ںéêè¢ \SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
127.0.0.1 www.winantivirus.com
127.0.0.1 winantivirus.com

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Broadcom NetXtreme Gigabit Ethernet - منفذ مصغر لجدولة الحزم
DNS Server Search Order: 10.0.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D14519B0-E56A-44A1-86F5-AF512CE86A9A}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D14519B0-E56A-44A1-86F5-AF512CE86A9A}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D14519B0-E56A-44A1-86F5-AF512CE86A9A}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

الصامت
07-01-2008, 05:43 PM
This is my machine's report, and may God reward you well
SmitFraudFix v2.274
Scan done at 17:21:34.71, Mon 01/07/2008
Run from C:\Documents and Settings\xp\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{aaad3a22-1c07-45f5-bfb3-e9a8c3b382fe}"="end"
[HKEY_CLASSES_ROOT\CLSID\{aaad3a22-1c07-45f5-bfb3-e9a8c3b382fe}\InProcServer32]
@="C:\WINDOWS\system32\fsehfcu.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{aaad3a22-1c07-45f5-bfb3-e9a8c3b382fe}\InProcServer32]
@="C:\WINDOWS\system32\fsehfcu.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
C:\WINDOWS\system32\fsehfcu.dll -> Hoax.Win32.Renos.gen.o
C:\WINDOWS\system32\fsehfcu.dll -> Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\Video Add-on\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8CEACD9B-627D-46EB-8468-D17C9EF52E49}: DhcpNameServer=212.76.68.200 212.76.68.201
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8CEACD9B-627D-46EB-8468-D17C9EF52E49}: NameServer=212.76.68.200,212.76.68.201
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8CEACD9B-627D-46EB-8468-D17C9EF52E49}: DhcpNameServer=212.76.68.200 212.76.68.201
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8CEACD9B-627D-46EB-8468-D17C9EF52E49}: NameServer=212.76.68.200,212.76.68.201
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8CEACD9B-627D-46EB-8468-D17C9EF52E49}: DhcpNameServer=212.76.68.200 212.76.68.201
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8CEACD9B-627D-46EB-8468-D17C9EF52E49}: NameServer=212.76.68.200,212.76.68.201
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.76.68.200 212.76.68.201
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.76.68.200 212.76.68.201
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.76.68.200 212.76.68.201

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

harbic
07-01-2008, 09:02 PM
Brother Zyzoom, I would like you to look at this thread, as the Kaspersky tool detected that this program contains the sality virus
http://www.zyzoom.org/vb/t4832.html

سيف الغلا
08-01-2008, 12:16 AM
Thank you, my dear brother
The ads are driving me crazy
I used the tool, but they come back when I start the machine the next day
That is, every day I start the machine I clean it with the tool
Is there a way to get rid of them permanently? Please explain it to me

علي عبد الستار
08-01-2008, 11:23 AM
Peace be upon you

Thanks for this tool, I really do need this tool

Peace be upon you

أبو رهيم
26-01-2008, 11:37 PM
Mashallah, God bless
May God give you strength, brother Turki
You are a school in security; may God protect you ..

sdook
31-01-2008, 02:47 PM
Thank you, and may God have mercy on your parents

أسير&الشعر
02-02-2008, 09:03 PM
This is the report I got..

SmitFraudFix v2.278
Scan done at 20:55:33.14, Sat 02/02/2008
Run from C:\Documents and Settings\N a W a F\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
Error while deleting D:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll.

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 2200BG Network Connection - Kaspersky Anti-Virus NDIS Miniport
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{61548549-345D-4C98-92C3-62421BF61BBC}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{61548549-345D-4C98-92C3-62421BF61BBC}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{61548549-345D-4C98-92C3-62421BF61BBC}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

May God give you good health, Abu Atab :)

And may God have mercy on your deceased and all deceased Muslims..

Peace

زيزوووم
02-02-2008, 09:09 PM
A warm welcome to everyone
I was very happy with your presence and your lovely replies
Greetings from the heart to all

زيزوووم
02-02-2008, 09:13 PM
And here is my machine's report, champ


»»»»»»»»»»»»»»»»»»»»»»»» End

:eek::eek: How long has this been here? :blusnuphing::blusnuphing:
My apologies for the delay, brother

The report is clean :iconmju30:

زيزوووم
02-02-2008, 09:16 PM
This is my machine's report, and may God reward you well




»»»»»»»»»»»»»»»»»»»»»»»» End


And may He reward you well and bless you

Harmful files were found on your machine and were deleted

زيزوووم
02-02-2008, 09:20 PM
Brother Zyzoom, I would like you to look at this thread, as the Kaspersky tool detected that this program contains the sality virus
http://www.zyzoom.org/vb/t4832.html

Welcome, my dear brother

The warning is about the presence of a dangerous file, not a "virus"

زيزوووم
02-02-2008, 09:24 PM
Thank you, my dear brother

The ads are driving me crazy
I used the tool, but they come back when I start the machine the next day
That is, every day I start the machine I clean it with the tool

Is there a way to get rid of them permanently? Please explain it to me




Welcome, and sorry for the delay

Produce this report if you are still suffering from the problem :blbyeh:

OK, produce a HijackThis report
Download this file and run it; in a few moments a report will appear
Copy it and paste it into your next reply

http://www.zyzoom.net/soft/security/tools/Zyzoom_3IN1_hijackthis_&_RunningProcess_&_StartupList.exe

زيزوووم
02-02-2008, 09:27 PM
This is the report I got..



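May God give you good health, Abu Atab :)

And may God have mercy on your deceased and all deceased Muslims..


Peace



And your parents and all Muslims

You have a file that the tool was not able to delete

Produce a HijackThis report
Download this file and run it; in a few moments a report will appear
Copy it and paste it into your next reply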

http://www.zyzoom.net/soft/security/tools/Zyzoom_3IN1_hijackthis_&_RunningProcess_&_StartupList.exe
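
Added example, not part of the original thread or of the tool: the three readings given in the replies above (report clean, harmful files found and deleted, a file the tool could not delete) can be derived mechanically from a SmitFraudFix report. The sample report is constructed, and the function names, result fields and verdict labels are assumptions of this example.

```python
import re

# Section headers in the reports quoted in this thread: a run of "»" then a name.
SECTION_RE = re.compile(r"^»{5,}\s*(.+?)\s*$")
# A SharedTaskScheduler value line: "{CLSID}"="name"
STS_ENTRY_RE = re.compile(r'^"(\{[0-9A-Fa-f-]+\})"=')
# A hosts line: IPv4 address, whitespace, host name
HOSTS_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)")
FAIL_PREFIX = "Error while deleting "

# Constructed sample in the layout of the reports above; version, paths,
# CLSID and host names are placeholders, not values from any post.
SAMPLE_REPORT = r"""SmitFraudFix v0.000
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{00000000-0000-0000-0000-000000000000}"="example"
»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
127.0.0.1 blocked.example ## added by CiD
203.0.113.7 update.example
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
Error while deleting D:\Example\helper.dll.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
C:\WINDOWS\system32\example.dll -> Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\Program Files\Example Add-on\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
»»»»»»»»»»»»»»»»»»»»»»»» End
"""


def split_sections(report):
    """Map each section name to its non-empty lines, in report order."""
    sections = {"header": []}
    current = "header"
    for raw in report.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif line:
            sections[current].append(line)
    return sections


def triage(report):
    """Summarise what the tool removed, what it could not, and what remains."""
    sections = split_sections(report)
    mode = re.search(r"Fix run in (\w+) mode", report)
    deleted, failed = [], []
    for lines in sections.values():
        for line in lines:
            if line.startswith(FAIL_PREFIX):
                failed.append(line[len(FAIL_PREFIX):].rstrip("."))
            elif line.endswith("Deleted"):
                deleted.append(re.sub(r"\s*(?:->)?\s*Deleted$", "", line))

    def sts(name):
        matches = (STS_ENTRY_RE.match(l) for l in sections.get(name, []))
        return [m.group(1) for m in matches if m]

    # Hosts entries are only reported, not judged: loopback entries block a
    # name, entries pointing elsewhere redirect it and deserve a manual look.
    loopback, redirected = [], []
    for line in sections.get("hosts", []):
        m = HOSTS_RE.match(line)
        if m and m.group(2) != "localhost":
            bucket = loopback if m.group(1).startswith("127.") else redirected
            bucket.append(m.group(2))

    sts_after = sts("SharedTaskScheduler After SmitFraudFix")
    if failed or sts_after:
        verdict = "needs follow-up"  # a file or hook survived the fix
    elif deleted:
        verdict = "cleaned"          # harmful files were found and deleted
    else:
        verdict = "clean"            # nothing was found
    return {
        "mode": mode.group(1) if mode else None,
        "deleted": deleted,
        "failed": failed,
        "sts_before": sts("SharedTaskScheduler Before SmitFraudFix"),
        "sts_after": sts_after,
        "hosts_loopback": loopback,
        "hosts_redirected": redirected,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

When `failed` is non-empty and `mode` is `normal`, the advice from the first post applies: run the tool again in Windows safe mode.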

أسير&الشعر
02-02-2008, 09:41 PM
.
--------------------------\\\ Start Report Of HijackThis ---------------
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:40:07 م, on 02/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\LG Software\Battery Miser 2005\batterymiser.exe
C:\Program Files\LG Software\On Screen Display\Hotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LG Software\IP Operator 2005\IP Operator 2005.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Pokluda\InkMonitor\InkMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\TorCP\torcp.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gce.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gce.exe
C:\WINDOWS\zpitsp.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\lg_swupdate\tmcheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\NAWAF~1\LOCALS~1\Temp\bntoz\runn.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\NAWAF~1\LOCALS~1\Temp\bntoz\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.37.63.11:80
F2 - REG:system.ini: Shell=Explorer.exe c:\windows\Autorun.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\icom accelerator\components\NOWImaging.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\autoupdate.exe" Gilautouc
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [batterymiser] "C:\Program Files\LG Software\Battery Miser 2005\batterymiser.exe"
O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\LG Software\On Screen Display\Hotkey.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [lrrpfgcp] C:\WINDOWS\lrrpfgcp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IPO3] "C:\Program Files\LG Software\IP Operator 2005\IP Operator 2005.exe" -aUtOsTaRtFrOmReG
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplorer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [InkMonitor] C:\Program Files\Pokluda\InkMonitor\InkMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TorCP] C:\Program Files\TorCP\torcp.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: gce.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &BitSpirit حمله باستخدام - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: أضافة إلى مضاد الأعلان - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175174415265
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177550462406
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
--
End of file - 9992 bytes
.
.
--------------------------\\\ End Report Of Of HijackThis ---------------
.
.
.
.
--------------------------\\\ Start Report Of Running Processes ---------------
.
==================================================
Process Name : smss.exe
ProcessID : 960
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Session Manager
Company : Microsoft Corporation
Window Title :
File Size : 50,688
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\System32\smss.exe
Base Address : 0x48580000
Created On : 25/01/1429 08:38:00 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 428 K
Mem Usage Peak : 668 K
Page Faults : 292
Pagefile Usage : 168 K
Pagefile Peak Usage : 1676 K
File Attributes : A
==================================================
==================================================
Process Name : csrss.exe
ProcessID : 1016
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Client Server Runtime Process
Company : Microsoft Corporation
Window Title :
File Size : 6,144
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\csrss.exe
Base Address : 0x4A680000
Created On : 25/01/1429 08:38:03 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 5464 K
Mem Usage Peak : 5660 K
Page Faults : 9805
Pagefile Usage : 2068 K
Pagefile Peak Usage : 2164 K
File Attributes : A
==================================================
==================================================
Process Name : winlogon.exe
ProcessID : 1040
Priority : High
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Logon Application
Company : Microsoft Corporation
Window Title :
File Size : 502,272
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\winlogon.exe
Base Address : 0x01000000
Created On : 25/01/1429 08:38:04 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4180 K
Mem Usage Peak : 16352 K
Page Faults : 9416
Pagefile Usage : 6616 K
Pagefile Peak Usage : 8648 K
File Attributes : A
==================================================
==================================================
Process Name : services.exe
ProcessID : 1084
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Services and Controller app
Company : Microsoft Corporation
Window Title :
File Size : 108,032
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\services.exe
Base Address : 0x01000000
Created On : 25/01/1429 08:38:04 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4020 K
Mem Usage Peak : 4024 K
Page Faults : 3008
Pagefile Usage : 1908 K
Pagefile Peak Usage : 2020 K
File Attributes : A
==================================================
==================================================
Process Name : lsass.exe
ProcessID : 1096
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : LSA Shell (Export Version)
Company : Microsoft Corporation
Window Title :
File Size : 13,312
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\lsass.exe
Base Address : 0x01000000
Created On : 25/01/1429 08:38:04 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1620 K
Mem Usage Peak : 7348 K
Page Faults : 6820
Pagefile Usage : 4440 K
Pagefile Peak Usage : 4472 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1252
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 25/01/1429 08:38:05 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 5560 K
Mem Usage Peak : 5612 K
Page Faults : 1623
Pagefile Usage : 3284 K
Pagefile Peak Usage : 23396 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1332
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 25/01/1429 08:38:06 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 4920 K
Mem Usage Peak : 4924 K
Page Faults : 1419
Pagefile Usage : 2176 K
Pagefile Peak Usage : 2320 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1380
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\System32\svchost.exe
Base Address : 0x01000000
Created On : 25/01/1429 08:38:06 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 40080 K
Mem Usage Peak : 133616 K
Page Faults : 218135
Pagefile Usage : 27932 K
Pagefile Peak Usage : 122020 K
File Attributes : A
==================================================
==================================================
Process Name : StyleXPService.exe
ProcessID : 1408
Priority : Normal
Product Name : StyleXPService Module
Version : 0, 20, 0, 3000
Description : StyleXPService Module
Company :
Window Title :
File Size : 372,736
File Created Date : 26/04/1427 06:31:06 م
File Modified Date : 26/04/1427 06:31:06 م
Filename : C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:06 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 3700 K
Mem Usage Peak : 4164 K
Page Faults : 203620
Pagefile Usage : 1128 K
Pagefile Peak Usage : 1356 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1580
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 25/01/1429 08:38:06 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 3784 K
Mem Usage Peak : 3904 K
Page Faults : 1137
Pagefile Usage : 1472 K
Pagefile Peak Usage : 1612 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1652
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 25/01/1429 08:38:07 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 9932 K
Mem Usage Peak : 9976 K
Page Faults : 6824
Pagefile Usage : 6884 K
Pagefile Peak Usage : 6960 K
File Attributes : A
==================================================
==================================================
Process Name : spoolsv.exe
ProcessID : 288
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
Description : Spooler SubSystem App
Company : Microsoft Corporation
Window Title :
File Size : 57,856
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 04/05/1426 11:53:32 م
Filename : C:\WINDOWS\system32\spoolsv.exe
Base Address : 0x01000000
Created On : 25/01/1429 08:38:08 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 6196 K
Mem Usage Peak : 6212 K
Page Faults : 1804
Pagefile Usage : 3864 K
Pagefile Peak Usage : 4016 K
File Attributes : A
==================================================
==================================================
Process Name : avp.exe
ProcessID : 404
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 7.0.0.125
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title :
File Size : 218,376
File Created Date : 13/06/1428 09:51:38 ص
File Modified Date : 13/06/1428 09:51:38 ص
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:08 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 23388 K
Mem Usage Peak : 83936 K
Page Faults : 438757
Pagefile Usage : 50292 K
Pagefile Peak Usage : 115600 K
File Attributes : A
==================================================
==================================================
Process Name : BTNtService.exe
ProcessID : 436
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 110,592
File Created Date : 16/03/1428 11:36:21 م
File Modified Date : 27/02/1426 11:03:28 م
Filename : C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:08 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2776 K
Mem Usage Peak : 2776 K
Page Faults : 774
Pagefile Usage : 1916 K
Pagefile Peak Usage : 1964 K
File Attributes : A
==================================================
==================================================
Process Name : DUMeterSvc.exe
ProcessID : 464
Priority : Normal
Product Name : DU Meter
Version : 4.0 Build R3009
Description : DU Meter Service
Company : Hagel Technologies Ltd
Window Title :
File Size : 1,382,672
File Created Date : 18/01/1429 09:15:37 م
File Modified Date : 04/10/1428 12:19:38 م
Filename : C:\Program Files\DU Meter\DUMeterSvc.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:09 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 7052 K
Mem Usage Peak : 7052 K
Page Faults : 4317
Pagefile Usage : 7248 K
Pagefile Peak Usage : 8408 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 612
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\System32\svchost.exe
Base Address : 0x01000000
Created On : 25/01/1429 08:38:09 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 3788 K
Mem Usage Peak : 3796 K
Page Faults : 1005
Pagefile Usage : 1716 K
Pagefile Peak Usage : 1740 K
File Attributes : A
==================================================
==================================================
Process Name : WMPNetwk.exe
ProcessID : 108
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 11.0.5721.5145 (WMP_11.061018-2006)
Description : خدمة مشاركة الشبكة لـ Windows Media Player
Company : Microsoft Corporation
Window Title :
File Size : 909,312
File Created Date : 11/11/1427 07:03:38 م
File Modified Date : 11/11/1427 07:03:38 م
Filename : C:\Program Files\Windows Media Player\WMPNetwk.exe
Base Address : 0x01000000
Created On : 25/01/1429 08:38:10 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 26200 K
Mem Usage Peak : 26208 K
Page Faults : 10494
Pagefile Usage : 10556 K
Pagefile Peak Usage : 10624 K
File Attributes :
==================================================
==================================================
Process Name : alg.exe
ProcessID : 1992
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Application Layer Gateway Service
Company : Microsoft Corporation
Window Title :
File Size : 44,544
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\System32\alg.exe
Base Address : 0x01000000
Created On : 25/01/1429 08:38:13 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 3864 K
Mem Usage Peak : 3872 K
Page Faults : 1032
Pagefile Usage : 1292 K
Pagefile Peak Usage : 1316 K
File Attributes : A
==================================================
==================================================
Process Name : SynTPLpr.exe
ProcessID : 2424
Priority : Normal
Product Name : Synaptics Pointing Device Driver
Version : 7.12.9.4 14Feb05
Description : TouchPad Driver Helper Application
Company : Synaptics, Inc.
Window Title :
File Size : 98,396
File Created Date : 11/03/1428 10:05:53 ص
File Modified Date : 06/01/1426 08:59:12 ص
Filename : C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:15 م
Visible Windows : 0
Hidden Windows : 3
User Name : NAWAF\N a W a F
Mem Usage : 3588 K
Mem Usage Peak : 3648 K
Page Faults : 1065
Pagefile Usage : 1036 K
Pagefile Peak Usage : 1072 K
File Attributes : A
==================================================
==================================================
Process Name : SynTPEnh.exe
ProcessID : 2432
Priority : Normal
Product Name : Synaptics Pointing Device Driver
Version : 7.12.9.4 14Feb05
Description : Synaptics TouchPad Enhancements
Company : Synaptics, Inc.
Window Title :
File Size : 667,740
File Created Date : 11/03/1428 10:05:52 ص
File Modified Date : 06/01/1426 08:58:10 ص
Filename : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:15 م
Visible Windows : 1
Hidden Windows : 7
User Name : NAWAF\N a W a F
Mem Usage : 5412 K
Mem Usage Peak : 5412 K
Page Faults : 1576
Pagefile Usage : 1756 K
Pagefile Peak Usage : 1772 K
File Attributes : A
==================================================
==================================================
Process Name : batterymiser.exe
ProcessID : 2440
Priority : Normal
Product Name : Battery Miser
Version : 3, 37, 0, 0
Description : Battery Miser
Company : LG Electronics Inc.
Window Title :
File Size : 335,872
File Created Date : 11/03/1428 10:14:16 ص
File Modified Date : 06/05/1427 12:54:34 ص
Filename : C:\Program Files\LG Software\Battery Miser 2005\batterymiser.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:15 م
Visible Windows : 0
Hidden Windows : 2
User Name : NAWAF\N a W a F
Mem Usage : 4488 K
Mem Usage Peak : 5288 K
Page Faults : 6003
Pagefile Usage : 2816 K
Pagefile Peak Usage : 2880 K
File Attributes : A
==================================================
==================================================
Process Name : Hotkey.exe
ProcessID : 2448
Priority : Normal
Product Name : HotKey
Version : 1, 0, 0, 0
Description : HotKey
Company : LG Electronics
Window Title :
File Size : 86,016
File Created Date : 11/03/1428 10:14:42 ص
File Modified Date : 19/05/1426 02:09:56 ص
Filename : C:\Program Files\LG Software\On Screen Display\Hotkey.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:15 م
Visible Windows : 0
Hidden Windows : 5
User Name : NAWAF\N a W a F
Mem Usage : 6244 K
Mem Usage Peak : 6296 K
Page Faults : 1869
Pagefile Usage : 3004 K
Pagefile Peak Usage : 3880 K
File Attributes : A
==================================================
==================================================
Process Name : AGRSMMSG.exe
ProcessID : 2464
Priority : Normal
Product Name : Agere SoftModem Messaging Applet
Version : 2.1.47.8 2.1.47.8 11/09/2004 17:19:25
Description : SoftModem Messaging Applet
Company : Agere Systems
Window Title :
File Size : 88,358
File Created Date : 11/03/1428 02:04:42 م
File Modified Date : 27/09/1425 08:19:26 ص
Filename : C:\WINDOWS\AGRSMMSG.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:15 م
Visible Windows : 0
Hidden Windows : 2
User Name : NAWAF\N a W a F
Mem Usage : 3520 K
Mem Usage Peak : 3576 K
Page Faults : 1029
Pagefile Usage : 996 K
Pagefile Peak Usage : 996 K
File Attributes : AR
==================================================
==================================================
Process Name : RunDll32.exe
ProcessID : 2472
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Run a DLL as an App
Company : Microsoft Corporation
Window Title :
File Size : 33,280
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\RunDll32.exe
Base Address : 0x01000000
Created On : 25/01/1429 08:38:15 م
Visible Windows : 0
Hidden Windows : 3
User Name : NAWAF\N a W a F
Mem Usage : 5428 K
Mem Usage Peak : 5500 K
Page Faults : 4211
Pagefile Usage : 2860 K
Pagefile Peak Usage : 2864 K
File Attributes : A
==================================================
==================================================
Process Name : hkcmd.exe
ProcessID : 2488
Priority : Normal
Product Name : Intel(R) Common User Interface
Version : 3.0.0.4497
Description : hkcmd Module
Company : Intel Corporation
Window Title :
File Size : 77,824
File Created Date : 11/03/1428 09:55:02 ص
File Modified Date : 09/01/1427 11:36:06 م
Filename : C:\WINDOWS\system32\hkcmd.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:15 م
Visible Windows : 0
Hidden Windows : 12
User Name : NAWAF\N a W a F
Mem Usage : 3712 K
Mem Usage Peak : 3780 K
Page Faults : 1045
Pagefile Usage : 912 K
Pagefile Peak Usage : 976 K
File Attributes : A
==================================================
==================================================
Process Name : igfxpers.exe
ProcessID : 2496
Priority : Normal
Product Name : Intel(R) Common User Interface
Version : 3.0.0.4497
Description : persistence Module
Company : Intel Corporation
Window Title :
File Size : 118,784
File Created Date : 09/01/1427 11:40:02 م
File Modified Date : 09/01/1427 11:40:02 م
Filename : C:\WINDOWS\system32\igfxpers.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:15 م
Visible Windows : 0
Hidden Windows : 2
User Name : NAWAF\N a W a F
Mem Usage : 3684 K
Mem Usage Peak : 3756 K
Page Faults : 1025
Pagefile Usage : 880 K
Pagefile Peak Usage : 896 K
File Attributes : A
==================================================
==================================================
Process Name : avp.exe
ProcessID : 2504
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 7.0.0.125
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title :
File Size : 218,376
File Created Date : 13/06/1428 09:51:38 ص
File Modified Date : 13/06/1428 09:51:38 ص
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:15 م
Visible Windows : 0
Hidden Windows : 8
User Name : NAWAF\N a W a F
Mem Usage : 3484 K
Mem Usage Peak : 9688 K
Page Faults : 13678
Pagefile Usage : 7508 K
Pagefile Peak Usage : 7636 K
File Attributes : A
==================================================
==================================================
Process Name : realsched.exe
ProcessID : 2560
Priority : Normal
Product Name : RealPlayer (32-bit)
Version : 0.1.0.3760
Description : RealNetworks Scheduler
Company : RealNetworks, Inc.
Window Title :
File Size : 185,896
File Created Date : 29/09/1428 03:29:59 م
File Modified Date : 29/09/1428 03:29:59 م
Filename : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:16 م
Visible Windows : 0
Hidden Windows : 2
User Name : NAWAF\N a W a F
Mem Usage : 192 K
Mem Usage Peak : 3396 K
Page Faults : 17055
Pagefile Usage : 1232 K
Pagefile Peak Usage : 1240 K
File Attributes : A
==================================================
==================================================
Process Name : IP Operator 2005.exe
ProcessID : 2568
Priority : Normal
Product Name : IPO3 ?? ????
Version : 1, 0, 0, 1
Description : IPO3 MFC ?? ????
Company :
Window Title :
File Size : 1,028,096
File Created Date : 11/03/1428 10:14:54 ص
File Modified Date : 11/05/1426 08:02:44 م
Filename : C:\Program Files\LG Software\IP Operator 2005\IP Operator 2005.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:16 م
Visible Windows : 0
Hidden Windows : 16
User Name : NAWAF\N a W a F
Mem Usage : 7224 K
Mem Usage Peak : 7352 K
Page Faults : 1974
Pagefile Usage : 2860 K
Pagefile Peak Usage : 2860 K
File Attributes : A
==================================================
==================================================
Process Name : jusched.exe
ProcessID : 2576
Priority : Normal
Product Name : Java(TM) Platform SE 6 U3
Version : 6.0.30.5
Description : Java(TM) Platform SE binary
Company : Sun Microsystems, Inc.
Window Title :
File Size : 132,496
File Created Date : 23/10/1428 10:59:03 م
File Modified Date : 13/09/1428 10:11:35 م
Filename : C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:16 م
Visible Windows : 0
Hidden Windows : 0
User Name : NAWAF\N a W a F
Mem Usage : 2684 K
Mem Usage Peak : 2684 K
Page Faults : 716
Pagefile Usage : 872 K
Pagefile Peak Usage : 872 K
File Attributes : A
==================================================
==================================================
Process Name : hpztsb09.exe
ProcessID : 2584
Priority : Normal
Product Name : HP DeskJet
Version : 2.236.4.0
Description :
Company : HP
Window Title :
File Size : 176,128
File Created Date : 27/11/1428 10:26:23 م
File Modified Date : 05/07/1424 11:42:50 ص
Filename : C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:16 م
Visible Windows : 0
Hidden Windows : 2
User Name : NAWAF\N a W a F
Mem Usage : 3748 K
Mem Usage Peak : 3876 K
Page Faults : 1322
Pagefile Usage : 1140 K
Pagefile Peak Usage : 1272 K
File Attributes : A
==================================================
==================================================
Process Name : HPWuSchd.exe
ProcessID : 2592
Priority : Normal
Product Name : Hewlett-Packard hpwuSchd
Version : 1, 0, 0, 2
Description : hpwuSchd
Company : Hewlett-Packard
Window Title :
File Size : 49,152
File Created Date : 25/04/1424 08:24:48 ص
File Modified Date : 25/04/1424 08:24:48 ص
Filename : C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:16 م
Visible Windows : 0
Hidden Windows : 2
User Name : NAWAF\N a W a F
Mem Usage : 3200 K
Mem Usage Peak : 3264 K
Page Faults : 920
Pagefile Usage : 824 K
Pagefile Peak Usage : 824 K
File Attributes : A
==================================================
==================================================
Process Name : hpcmpmgr.exe
ProcessID : 2600
Priority : Normal
Product Name : hp coretech (COmponent REuse TECHnology)
Version : 2.1.1
Description : HP Framework Component Manager Service
Company : Hewlett-Packard Company
Window Title :
File Size : 233,472
File Created Date : 27/08/1424 04:51:18 م
File Modified Date : 27/08/1424 04:51:18 م
Filename : C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:16 م
Visible Windows : 0
Hidden Windows : 2
User Name : NAWAF\N a W a F
Mem Usage : 9076 K
Mem Usage Peak : 9188 K
Page Faults : 2773
Pagefile Usage : 4980 K
Pagefile Peak Usage : 5876 K
File Attributes : A
==================================================
==================================================
Process Name : hpotdd01.exe
ProcessID : 2608
Priority : Normal
Product Name : Hewlett-Packard hpotdd01
Version : 1, 0, 0, 1
Description : hpotdd01
Company : Hewlett-Packard
Window Title :
File Size : 229,437
File Created Date : 20/03/1424 03:37:08 م
File Modified Date : 20/03/1424 03:37:08 م
Filename : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:16 م
Visible Windows : 0
Hidden Windows : 4
User Name : NAWAF\N a W a F
Mem Usage : 5052 K
Mem Usage Peak : 5116 K
Page Faults : 2006
Pagefile Usage : 1544 K
Pagefile Peak Usage : 1544 K
File Attributes : A
==================================================
==================================================
Process Name : InkMonitor.exe
ProcessID : 2616
Priority : Normal
Product Name : InkMonitor Application
Version : 2.1.2
Description : InkMonitor
Company :
Window Title :
File Size : 143,360
File Created Date : 02/01/1422 07:29:46 م
File Modified Date : 02/01/1422 07:29:46 م
Filename : C:\Program Files\Pokluda\InkMonitor\InkMonitor.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:16 م
Visible Windows : 0
Hidden Windows : 4
User Name : NAWAF\N a W a F
Mem Usage : 4040 K
Mem Usage Peak : 4104 K
Page Faults : 1136
Pagefile Usage : 972 K
Pagefile Peak Usage : 972 K
File Attributes : A
==================================================
==================================================
Process Name : ctfmon.exe
ProcessID : 2624
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : CTF Loader
Company : Microsoft Corporation
Window Title :
File Size : 15,360
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\ctfmon.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:16 م
Visible Windows : 0
Hidden Windows : 5
User Name : NAWAF\N a W a F
Mem Usage : 3980 K
Mem Usage Peak : 4072 K
Page Faults : 1393
Pagefile Usage : 1044 K
Pagefile Peak Usage : 1056 K
File Attributes : A
==================================================
==================================================
Process Name : MsnMsgr.Exe
ProcessID : 2632
Priority : Normal
Product Name : Messenger
Version : 8.1.0178.00
Description : Messenger
Company : Microsoft Corporation
Window Title :
File Size : 5,674,352
File Created Date : 01/01/1428 08:55:14 م
File Modified Date : 01/01/1428 08:55:14 م
Filename : C:\Program Files\MSN Messenger\MsnMsgr.Exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:16 م
Visible Windows : 1
Hidden Windows : 40
User Name : NAWAF\N a W a F
Mem Usage : 23968 K
Mem Usage Peak : 47992 K
Page Faults : 76297
Pagefile Usage : 41392 K
Pagefile Peak Usage : 45484 K
File Attributes : A
==================================================
==================================================
Process Name : torcp.exe
ProcessID : 2648
Priority : Normal
Product Name : TorCP
Version : 0.0.4
Description : Tor Control Panel
Company : Matt Edman
Window Title :
File Size : 225,280
File Created Date : 11/11/1426 07:51:36 م
File Modified Date : 11/11/1426 07:51:36 م
Filename : C:\Program Files\TorCP\torcp.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:16 م
Visible Windows : 0
Hidden Windows : 6
User Name : NAWAF\N a W a F
Mem Usage : 5032 K
Mem Usage Peak : 5132 K
Page Faults : 350193
Pagefile Usage : 1128 K
Pagefile Peak Usage : 1192 K
File Attributes : A
==================================================
==================================================
Process Name : StyleXP.exe
ProcessID : 2656
Priority : Normal
Product Name : StyleXP Application
Version : 0, 30, 19, 0
Description : StyleXP Application
Company :
Window Title :
File Size : 1,372,160
File Created Date : 26/04/1427 06:31:39 م
File Modified Date : 26/04/1427 06:31:39 م
Filename : C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:16 م
Visible Windows : 0
Hidden Windows : 3
User Name : NAWAF\N a W a F
Mem Usage : 15856 K
Mem Usage Peak : 16040 K
Page Faults : 9659
Pagefile Usage : 11664 K
Pagefile Peak Usage : 15728 K
File Attributes : A
==================================================
==================================================
Process Name : WMPNSCFG.exe
ProcessID : 2672
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 11.0.5721.5145 (WMP_11.061018-2006)
Description : ‎‎تطبيق تكوين خدمة مشاركة الشبكة لـ Windows Media Player
Company : Microsoft Corporation
Window Title :
File Size : 204,288
File Created Date : 11/11/1427 07:03:46 م
File Modified Date : 11/11/1427 07:03:46 م
Filename : C:\Program Files\Windows Media Player\WMPNSCFG.exe
Base Address : 0x01000000
Created On : 25/01/1429 08:38:16 م
Visible Windows : 0
Hidden Windows : 4
User Name : NAWAF\N a W a F
Mem Usage : 4788 K
Mem Usage Peak : 4848 K
Page Faults : 1330
Pagefile Usage : 1288 K
Pagefile Peak Usage : 1304 K
File Attributes :
==================================================
==================================================
Process Name : DUMeter.exe
ProcessID : 2680
Priority : Normal
Product Name : DU Meter
Version : 4.0 Build R3009
Description : DU Meter Monitor
Company : Hagel Technologies Ltd
Window Title : DU Meter
File Size : 2,582,288
File Created Date : 18/01/1429 09:15:36 م
File Modified Date : 04/10/1428 12:19:36 م
Filename : C:\Program Files\DU Meter\DUMeter.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:16 م
Visible Windows : 1
Hidden Windows : 11
User Name : NAWAF\N a W a F
Mem Usage : 6284 K
Mem Usage Peak : 7900 K
Page Faults : 6418
Pagefile Usage : 4740 K
Pagefile Peak Usage : 5732 K
File Attributes : A
==================================================
==================================================
Process Name : IDMan.exe
ProcessID : 2752
Priority : Normal
Product Name : Internet Download Manager (IDM)
Version : 5.12.6.0
Description : Internet Download Manager (IDM)
Company : Tonec Inc.
Window Title :
File Size : 2,577,840
File Created Date : 15/01/1429 01:06:25 م
File Modified Date : 25/01/1429 05:35:58 م
Filename : C:\Program Files\Internet Download Manager\IDMan.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:16 م
Visible Windows : 0
Hidden Windows : 7
User Name : NAWAF\N a W a F
Mem Usage : 16772 K
Mem Usage Peak : 17952 K
Page Faults : 10062
Pagefile Usage : 6952 K
Pagefile Peak Usage : 8276 K
File Attributes : A
==================================================
==================================================
Process Name : BlueSoleil.exe
ProcessID : 2780
Priority : Normal
Product Name : BlueSoleil
Version : 1, 6, 1, 4
Description : Bluetooth Application
Company : IVT Corporation
Window Title :
File Size : 1,183,744
File Created Date : 16/03/1428 11:36:15 م
File Modified Date : 29/04/1426 08:23:08 م
Filename : C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:16 م
Visible Windows : 0
Hidden Windows : 8
User Name : NAWAF\N a W a F
Mem Usage : 11920 K
Mem Usage Peak : 12020 K
Page Faults : 4355
Pagefile Usage : 6684 K
Pagefile Peak Usage : 6692 K
File Attributes : A
==================================================
==================================================
Process Name : gce.exe
ProcessID : 2788
Priority : Normal
Product Name : gce
Version : 5.00
Description :
Company : Leithauser Research
Window Title : Clock Guard Enforcer
File Size : 30,720
File Created Date : 21/09/1428 02:34:22 م
File Modified Date : 23/06/1428 07:02:08 م
Filename : C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gce.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:16 م
Visible Windows : 1
Hidden Windows : 3
User Name : NAWAF\N a W a F
Mem Usage : 4528 K
Mem Usage Peak : 4528 K
Page Faults : 1243
Pagefile Usage : 1136 K
Pagefile Peak Usage : 1140 K
File Attributes : A
==================================================
==================================================
Process Name : WZQKPICK.EXE
ProcessID : 2836
Priority : Normal
Product Name : WinZip
Version : 1.0 (32-bit)
Description : WinZip Executable
Company : WinZip Computing, S.L.
Window Title :
File Size : 394,856
File Created Date : 21/11/1428 08:10:00 ص
File Modified Date : 21/11/1428 08:10:00 ص
Filename : C:\Program Files\WinZip\WZQKPICK.EXE
Base Address : 0x00400000
Created On : 25/01/1429 08:38:16 م
Visible Windows : 0
Hidden Windows : 3
User Name : NAWAF\N a W a F
Mem Usage : 3784 K
Mem Usage Peak : 3868 K
Page Faults : 1076
Pagefile Usage : 872 K
Pagefile Peak Usage : 872 K
File Attributes : AR
==================================================
==================================================
Process Name : wmiprvse.exe
ProcessID : 904
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 11/03/1428 07:02:08 ص
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 25/01/1429 08:38:24 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 5884 K
Mem Usage Peak : 6068 K
Page Faults : 2319
Pagefile Usage : 2036 K
Pagefile Peak Usage : 3092 K
File Attributes : A
==================================================
==================================================
Process Name : gce.exe
ProcessID : 1880
Priority : Normal
Product Name : gce
Version : 5.00
Description :
Company : Leithauser Research
Window Title : wsgc
File Size : 30,720
File Created Date : 21/09/1428 02:34:22 م
File Modified Date : 23/06/1428 07:02:08 م
Filename : C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gce.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:25 م
Visible Windows : 1
Hidden Windows : 2
User Name : NAWAF\N a W a F
Mem Usage : 4276 K
Mem Usage Peak : 4280 K
Page Faults : 1166
Pagefile Usage : 1132 K
Pagefile Peak Usage : 1136 K
File Attributes : A
==================================================
==================================================
Process Name : zpitsp.exe
ProcessID : 1908
Priority : Normal
Product Name : WatcherCG
Version : 1.01
Description :
Company : Leithauser Research
Window Title : ctgpp
File Size : 13,312
File Created Date : 21/09/1428 02:34:22 م
File Modified Date : 23/06/1428 06:43:56 م
Filename : C:\WINDOWS\zpitsp.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:25 م
Visible Windows : 1
Hidden Windows : 3
User Name : NAWAF\N a W a F
Mem Usage : 4288 K
Mem Usage Peak : 4356 K
Page Faults : 1235
Pagefile Usage : 1172 K
Pagefile Peak Usage : 1176 K
File Attributes : A
==================================================
==================================================
Process Name : IEMonitor.exe
ProcessID : 2940
Priority : Normal
Product Name : IEMonitor Application
Version : 3, 0, 0, 1
Description : Internet Download Manager agent for click monitoring in IE-based browsers
Company : Tonec Inc.
Window Title :
File Size : 251,576
File Created Date : 15/01/1429 01:06:20 م
File Modified Date : 02/02/1428 02:53:52 م
Filename : C:\Program Files\Internet Download Manager\IEMonitor.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:38:53 م
Visible Windows : 0
Hidden Windows : 3
User Name : NAWAF\N a W a F
Mem Usage : 6468 K
Mem Usage Peak : 6540 K
Page Faults : 4119
Pagefile Usage : 3120 K
Pagefile Peak Usage : 3244 K
File Attributes : A
==================================================
==================================================
Process Name : tmcheck.exe
ProcessID : 2084
Priority : Normal
Product Name : LG Intelligent Update
Version : 1.00
Description :
Company : CST
Window Title :
File Size : 20,480
File Created Date : 11/03/1428 09:51:18 ص
File Modified Date : 12/11/1425 11:46:54 م
Filename : C:\Program Files\lg_swupdate\tmcheck.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:40:29 م
Visible Windows : 0
Hidden Windows : 4
User Name : NAWAF\N a W a F
Mem Usage : 3928 K
Mem Usage Peak : 3984 K
Page Faults : 1085
Pagefile Usage : 1076 K
Pagefile Peak Usage : 1076 K
File Attributes : A
==================================================
==================================================
Process Name : usnsvc.exe
ProcessID : 2296
Priority : Normal
Product Name : Messenger
Version : 8.1.0178.00
Description : Messenger Sharing USN Journal Reader Service
Company : Microsoft Corporation
Window Title :
File Size : 97,136
File Created Date : 01/01/1428 08:54:14 م
File Modified Date : 01/01/1428 08:54:14 م
Filename : C:\Program Files\MSN Messenger\usnsvc.exe
Base Address : 0x00400000
Created On : 25/01/1429 08:40:46 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2816 K
Mem Usage Peak : 2816 K
Page Faults : 765
Pagefile Usage : 980 K
Pagefile Peak Usage : 980 K
File Attributes : A
==================================================
==================================================
Process Name : explorer.exe
ProcessID : 3064
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)
Description : Windows Explorer
Company : Microsoft Corporation
Window Title : Program Manager
File Size : 1,033,216
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 28/05/1428 10:23:07 ص
Filename : C:\WINDOWS\explorer.exe
Base Address : 0x01000000
Created On : 25/01/1429 09:01:29 م
Visible Windows : 2
Hidden Windows : 30
User Name : NAWAF\N a W a F
Mem Usage : 24196 K
Mem Usage Peak : 26212 K
Page Faults : 31739
Pagefile Usage : 16248 K
Pagefile Peak Usage : 18660 K
File Attributes : A
==================================================
==================================================
Process Name : iexplore.exe
ProcessID : 3712
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title : أداة SmitfraudFix _ لفحص وتنظيف الجهاز من الدعايات المزعجه ( شرح بالصور ) - الصفحة 3 - زيزوووم - Microsoft Internet Explorer
File Size : 93,184
File Created Date : 11/03/1428 07:04:12 ص
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\Program Files\Internet Explorer\iexplore.exe
Base Address : 0x00400000
Created On : 25/01/1429 09:11:31 م
Visible Windows : 4
Hidden Windows : 65
User Name : NAWAF\N a W a F
Mem Usage : 63880 K
Mem Usage Peak : 66484 K
Page Faults : 48443
Pagefile Usage : 46428 K
Pagefile Peak Usage : 49480 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 836
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 25/01/1429 09:20:37 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4504 K
Mem Usage Peak : 4524 K
Page Faults : 1251
Pagefile Usage : 2640 K
Pagefile Peak Usage : 2756 K
File Attributes : A
==================================================
==================================================
Process Name : runn.exe
ProcessID : 3956
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 71,680
File Created Date : 25/01/1429 06:39:58 م
File Modified Date : 23/01/1429 10:24:25 م
Filename : C:\DOCUME~1\NAWAF~1\LOCALS~1\Temp\bntoz\runn.exe
Base Address : 0x00400000
Created On : 25/01/1429 09:39:58 م
Visible Windows : 0
Hidden Windows : 0
User Name : NAWAF\N a W a F
Mem Usage : 2520 K
Mem Usage Peak : 2532 K
Page Faults : 736
Pagefile Usage : 824 K
Pagefile Peak Usage : 928 K
File Attributes : A
==================================================
==================================================
Process Name : cmd.exe
ProcessID : 2368
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Command Processor
Company : Microsoft Corporation
Window Title :
File Size : 388,608
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\cmd.exe
Base Address : 0x4AD00000
Created On : 25/01/1429 09:39:58 م
Visible Windows : 0
Hidden Windows : 1
User Name : NAWAF\N a W a F
Mem Usage : 3048 K
Mem Usage Peak : 3112 K
Page Faults : 886
Pagefile Usage : 2156 K
Pagefile Peak Usage : 2232 K
File Attributes : A
==================================================
==================================================
Process Name : wmiprvse.exe
ProcessID : 1496
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 11/03/1428 07:02:08 ص
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 25/01/1429 09:40:00 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 5796 K
Mem Usage Peak : 5796 K
Page Faults : 1507
Pagefile Usage : 3016 K
Pagefile Peak Usage : 3016 K
File Attributes : A
==================================================
==================================================
Process Name : CProcess.exe
ProcessID : 3764
Priority : Normal
Product Name : CurrProcess
Version : 1.11
Description : CurrProcess
Company : NirSoft
Window Title :
File Size : 35,840
File Created Date : 25/01/1429 06:39:58 م
File Modified Date : 08/06/1426 04:46:34 ص
Filename : C:\DOCUME~1\NAWAF~1\LOCALS~1\Temp\bntoz\CProcess.exe
Base Address : 0x00400000
Created On : 25/01/1429 09:40:08 م
Visible Windows : 0
Hidden Windows : 0
User Name : NAWAF\N a W a F
Mem Usage : 2572 K
Mem Usage Peak : 2672 K
Page Faults : 1421
Pagefile Usage : 1116 K
Pagefile Peak Usage : 1216 K
File Attributes : A
==================================================
.
.
--------------------------\\\ End Report Of Running Processes ---------------
.
.
.
.
--------------------------\\\ Windows XP Startup List ---------------
.
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
autocheck autochk *
Auto Check Utility
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\autochk.exe
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
rdpclip
rdpclip
RDP Clip Monitor
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
Userinit Logon Application
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Explorer.exe
Explorer.exe
Windows Explorer
Microsoft Corporation
6.00.2900.3156
c:\windows\explorer.exe
c:\windows\Autorun.exe
c:\windows\Autorun.exe
File not found: c:\windows\Autorun.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NeroFilterCheck
C:\WINDOWS\system32\NeroCheck.exe
NeroCheck
Ahead Software Gmbh
1.00.0000.0002
c:\windows\system32\nerocheck.exe
LG Intelligent Update
"C:\Program Files\lg_swupdate\autoupdate.exe" Gilautouc
CST
1.00.0000.0000
c:\program files\lg_swupdate\autoupdate.exe
SynTPLpr
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
TouchPad Driver Helper Application
Synaptics, Inc.
7.12.0009.0004
c:\program files\synaptics\syntp\syntplpr.exe
SynTPEnh
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Synaptics TouchPad Enhancements
Synaptics, Inc.
7.12.0009.0004
c:\program files\synaptics\syntp\syntpenh.exe
batterymiser
"C:\Program Files\LG Software\Battery Miser 2005\batterymiser.exe"
Battery Miser
LG Electronics Inc.
3.37.0000.0000
c:\program files\lg software\battery miser 2005\batterymiser.exe
KeybdUtility
"C:\Program Files\LG Software\On Screen Display\Hotkey.exe"
HotKey
LG Electronics
1.00.0000.0000
c:\program files\lg software\on screen display\hotkey.exe
High Definition Audio Property Page Shortcut
HDAShCut.exe
High Definition Audio Property Page Shortcut v1.0a
Windows (R) Server 2003 DDK provider
5.10.0001.5013
c:\windows\system32\hdashcut.exe
AGRSMMSG
AGRSMMSG.exe
SoftModem Messaging Applet
Agere Systems
2.01.0047.0008
c:\windows\agrsmmsg.exe
Cmaudio
RunDll32 cmicnfg.cpl,CMICtrlWnd
CmiCnfg DLL
C-Media Corporation
1.00.0046.0004
c:\windows\system\cmicnfg.cpl
igfxtray
C:\WINDOWS\system32\igfxtray.exe
igfxTray Module
Intel Corporation
3.00.0000.4497
c:\windows\system32\igfxtray.exe
igfxhkcmd
C:\WINDOWS\system32\hkcmd.exe
hkcmd Module
Intel Corporation
3.00.0000.4497
c:\windows\system32\hkcmd.exe
igfxpers
C:\WINDOWS\system32\igfxpers.exe
persistence Module
Intel Corporation
3.00.0000.4497
c:\windows\system32\igfxpers.exe
lrrpfgcp
C:\WINDOWS\lrrpfgcp.exe
Leithauser Research
1.00.0000.0000
c:\windows\lrrpfgcp.exe
TkBellExe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
RealNetworks Scheduler
RealNetworks, Inc.
0.01.0000.3760
c:\program files\common files\real\update_ob\realsched.exe
IPO3
"C:\Program Files\LG Software\IP Operator 2005\IP Operator 2005.exe" -aUtOsTaRtFrOmReG
IPO3 MFC ?? ????
1.00.0000.0001
c:\program files\lg software\ip operator 2005\ip operator 2005.exe
Explorer
C:\WINDOWS\iexplorer.exe
File not found: C:\WINDOWS\iexplorer.exe
SunJavaUpdateSched
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
Java(TM) Platform SE binary
Sun Microsystems, Inc.
6.00.0030.0005
c:\program files\java\jre1.6.0_03\bin\jusched.exe
HPDJ Taskbar Utility
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
HP
2.236.0004.0000
c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
HP Software Update
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
hpwuSchd
Hewlett-Packard
1.00.0000.0002
c:\program files\hewlett-packard\hp software update\hpwuschd.exe
HP Component Manager
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HP Framework Component Manager Service
Hewlett-Packard Company
2.01.0001.0000
c:\program files\hp\hpcoretech\hpcmpmgr.exe
DeviceDiscovery
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
hpotdd01
Hewlett-Packard
1.00.0000.0001
c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
InkMonitor
C:\Program Files\Pokluda\InkMonitor\InkMonitor.exe
InkMonitor
2.01.0002.0001
c:\program files\pokluda\inkmonitor\inkmonitor.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BlueSoleil.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
Bluetooth Application
IVT Corporation
1.06.0001.0004
c:\program files\ivt corporation\bluesoleil\bluesoleil.exe
gce.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gce.exe
Leithauser Research
5.00.0000.0000
c:\documents and settings\all users\start menu\programs\startup\gce.exe
WinZip Quick Pick.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
WinZip Executable
WinZip Computing, S.L.
1.00.7403.0000
c:\program files\winzip\wzqkpick.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
CTF Loader
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\ctfmon.exe
MsnMsgr
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Messenger
Microsoft Corporation
8.01.0178.0000
c:\program files\msn messenger\msnmsgr.exe
MSMSGS
"C:\Program Files\Messenger\msmsgs.exe" /background
Windows Messenger
Microsoft Corporation
4.07.0000.3001
c:\program files\messenger\msmsgs.exe
TorCP
C:\Program Files\TorCP\torcp.exe
Tor Control Panel
Matt Edman
0.00.0004.0000
c:\program files\torcp\torcp.exe
STYLEXP
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
StyleXP Application
0.30.0000.0000
c:\program files\tgtsoft\stylexp\stylexp.exe
BitComet
"D:\Program Files\BitComet\BitComet.exe" /tray
File not found: D:\Program Files\BitComet\BitComet.exe
WMPNSCFG
C:\Program Files\Windows Media Player\WMPNSCFG.exe
‎‎تطبيق تكوين خدمة مشاركة الشبكة لـ Windows Media Player
Microsoft Corporation
11.00.5721.5145
c:\program files\windows media player\wmpnscfg.exe
DU Meter
C:\Program Files\DU Meter\DUMeter.exe
DU Meter Monitor
Hagel Technologies Ltd
4.00.3009.0000
c:\program files\du meter\dumeter.exe
IDMan
C:\Program Files\Internet Download Manager\IDMan.exe /onboot
Internet Download Manager (IDM)
Tonec Inc.
5.12.0006.0000
c:\program files\internet download manager\idman.exe
.
.
----------- End Report ---------------

$$العاشق$$
02-02-2008, 09:57 PM
My report for the laptop :eek:


SmitFraudFix v2.278
Scan done at 21:43:53.07, Sat 02/02/2008
Run from D:\ ©ںê¤ èê ïي¢©\يں*•é\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 212.76.68.200
DNS Server Search Order: 212.76.68.201
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3518B225-080C-4E04-A840-DEC45DA25B4E}: DhcpNameServer=212.76.68.200 212.76.68.201
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3518B225-080C-4E04-A840-DEC45DA25B4E}: DhcpNameServer=212.76.68.200 212.76.68.201
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.76.68.200 212.76.68.201
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.76.68.200 212.76.68.201

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

أبوسلام
02-02-2008, 10:19 PM
May God reward you with good

http://www.qataru.com/vb/images/misc/rosette2.gif

زيزوووم
02-02-2008, 10:36 PM
Brother اسير الشعر

If you would, download this file and run it
http://www.files2net.com/files/56933563/zzzzz.zip

After that, restart your computer ,,,

And make a new report ,,
And please, as a request and not an order ,, do not enlarge the font

زيزوووم
02-02-2008, 10:37 PM
My report for the laptop :eek:


SmitFraudFix v2.278
Scan done at 21:43:53.07, Sat 02/02/2008
Run from D:\ ©ںê¤ èê ïي¢©\يں*•é\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 212.76.68.200
DNS Server Search Order: 212.76.68.201
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3518B225-080C-4E04-A840-DEC45DA25B4E}: DhcpNameServer=212.76.68.200 212.76.68.201
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3518B225-080C-4E04-A840-DEC45DA25B4E}: DhcpNameServer=212.76.68.200 212.76.68.201
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.76.68.200 212.76.68.201
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.76.68.200 212.76.68.201

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

The report looks good, my friend

زيزوووم
02-02-2008, 10:38 PM
May God reward you with good

And may He reward you with good too, and bless you

نوووف
02-02-2008, 10:55 PM
This is my report:

SmitFraudFix v2.278
Scan done at 22:48:01.32, Sat 02/02/2008
Run from C:\Documents and Settings\Administrator\Application Data\IDM\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
127.0.0.1 www.winantivirus.com
127.0.0.1 winantivirus.com

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: VIA Compatable Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E5BFA856-32AA-485B-92CC-77C00139DFE2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E5BFA856-32AA-485B-92CC-77C00139DFE2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E5BFA856-32AA-485B-92CC-77C00139DFE2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

أسير&الشعر
02-02-2008, 11:16 PM
.
--------------------------\\\ Start Report Of HijackThis ---------------
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:13 م, on 02/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\LG Software\Battery Miser 2005\batterymiser.exe
C:\Program Files\LG Software\On Screen Display\Hotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LG Software\IP Operator 2005\IP Operator 2005.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Pokluda\InkMonitor\InkMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TorCP\torcp.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gce.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gce.exe
C:\WINDOWS\zpitsp.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\lg_swupdate\tmcheck.exe
C:\DOCUME~1\NAWAF~1\LOCALS~1\Temp\bntoz\runn.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\NAWAF~1\LOCALS~1\Temp\bntoz\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.37.63.11:80
F2 - REG:system.ini: Shell=Explorer.exe c:\windows\Autorun.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\icom accelerator\components\NOWImaging.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\autoupdate.exe" Gilautouc
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [batterymiser] "C:\Program Files\LG Software\Battery Miser 2005\batterymiser.exe"
O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\LG Software\On Screen Display\Hotkey.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [lrrpfgcp] C:\WINDOWS\lrrpfgcp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IPO3] "C:\Program Files\LG Software\IP Operator 2005\IP Operator 2005.exe" -aUtOsTaRtFrOmReG
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplorer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [InkMonitor] C:\Program Files\Pokluda\InkMonitor\InkMonitor.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TorCP] C:\Program Files\TorCP\torcp.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: gce.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &BitSpirit حمله باستخدام - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: أضافة إلى مضاد الأعلان - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175174415265
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177550462406
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
--
End of file - 10095 bytes
.
.
--------------------------\\\ End Report Of Of HijackThis ---------------
.
.
.
.
--------------------------\\\ Start Report Of Running Processes ---------------
.
Company : Intel Corporation
Window Title :
File Size : 77,824
File Created Date : 11/03/1428 09:55:02 ص
File Modified Date : 09/01/1427 11:36:06 م
Filename : C:\WINDOWS\system32\hkcmd.exe
Base Address : 0x00400000
Created On : 25/01/1429 11:10:25 م
Visible Windows : 0
Hidden Windows : 12
User Name : NAWAF\N a W a F
Mem Usage : 3152 K
Mem Usage Peak : 3164 K
Page Faults : 835
Pagefile Usage : 892 K
Pagefile Peak Usage : 976 K
File Attributes : A
==================================================
==================================================
Process Name : igfxpers.exe
ProcessID : 2128
Priority : Normal
Product Name : Intel(R) Common User Interface
Version : 3.0.0.4497
Description : persistence Module
Company : Intel Corporation
Window Title :
File Size : 118,784
File Created Date : 09/01/1427 11:40:02 م
File Modified Date : 09/01/1427 11:40:02 م
Filename : C:\WINDOWS\system32\igfxpers.exe
Base Address : 0x00400000
Created On : 25/01/1429 11:10:25 م
Visible Windows : 0
Hidden Windows : 2
User Name : NAWAF\N a W a F
Mem Usage : 3132 K
Mem Usage Peak : 3144 K
Page Faults : 817
Pagefile Usage : 864 K
Pagefile Peak Usage : 884 K
File Attributes : A
==================================================
==================================================
Process Name : realsched.exe
ProcessID : 2144
Priority : Normal
Product Name : RealPlayer (32-bit)
Version : 0.1.0.3760
Description : RealNetworks Scheduler
Company : RealNetworks, Inc.
Window Title :
File Size : 185,896
File Created Date : 29/09/1428 03:29:59 م
File Modified Date : 29/09/1428 03:29:59 م
Filename : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Base Address : 0x00400000
Created On : 25/01/1429 11:10:25 م
Visible Windows : 0
Hidden Windows : 2
User Name : NAWAF\N a W a F
Mem Usage : 244 K
Mem Usage Peak : 3448 K
Page Faults : 3733
Pagefile Usage : 1204 K
Pagefile Peak Usage : 1240 K
File Attributes : A
==================================================
==================================================
Process Name : IP Operator 2005.exe
ProcessID : 2152
Priority : Normal
Product Name : IPO3 ?? ????
Version : 1, 0, 0, 1
Description : IPO3 MFC ?? ????
Company :
Window Title :
File Size : 1,028,096
File Created Date : 11/03/1428 10:14:54 ص
File Modified Date : 11/05/1426 08:02:44 م
Filename : C:\Program Files\LG Software\IP Operator 2005\IP Operator 2005.exe
Base Address : 0x00400000
Created On : 25/01/1429 11:10:25 م
Visible Windows : 0
Hidden Windows : 16
User Name : NAWAF\N a W a F
Mem Usage : 7024 K
Mem Usage Peak : 7036 K
Page Faults : 1826
Pagefile Usage : 2848 K
Pagefile Peak Usage : 2864 K
File Attributes : A
==================================================
==================================================
Process Name : jusched.exe
ProcessID : 2160
Priority : Normal
Product Name : Java(TM) Platform SE 6 U3
Version : 6.0.30.5
Description : Java(TM) Platform SE binary
Company : Sun Microsystems, Inc.
Window Title :
File Size : 132,496
File Created Date : 23/10/1428 10:59:03 م
File Modified Date : 13/09/1428 10:11:35 م
Filename : C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
Base Address : 0x00400000
Created On : 25/01/1429 11:10:25 م
Visible Windows : 0
Hidden Windows : 0
User Name : NAWAF\N a W a F
Mem Usage : 2612 K
Mem Usage Peak : 2612 K
Page Faults : 698
Pagefile Usage : 872 K
Pagefile Peak Usage : 872 K
File Attributes : A
==================================================
==================================================
Process Name : hpztsb09.exe
ProcessID : 2168
Priority : Normal
Product Name : HP DeskJet
Version : 2.236.4.0
Description :
Company : HP
Window Title :
File Size : 176,128
File Created Date : 27/11/1428 10:26:23 م
File Modified Date : 05/07/1424 11:42:50 ص
Filename : C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
Base Address : 0x00400000
Created On : 25/01/1429 11:10:25 م
Visible Windows : 0
Hidden Windows : 2
User Name : NAWAF\N a W a F
Mem Usage : 3304 K
Mem Usage Peak : 3304 K
Page Faults : 907
Pagefile Usage : 1108 K
Pagefile Peak Usage : 1108 K
File Attributes : A
==================================================
==================================================
Process Name : HPWuSchd.exe
ProcessID : 2176
Priority : Normal
Product Name : Hewlett-Packard hpwuSchd
Version : 1, 0, 0, 2
Description : hpwuSchd
Company : Hewlett-Packard
Window Title :
File Size : 49,152
File Created Date : 25/04/1424 08:24:48 ص
File Modified Date : 25/04/1424 08:24:48 ص
Filename : C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
Base Address : 0x00400000
Created On : 25/01/1429 11:10:25 م
Visible Windows : 0
Hidden Windows : 2
User Name : NAWAF\N a W a F
Mem Usage : 2596 K
Mem Usage Peak : 2596 K
Page Faults : 704
Pagefile Usage : 776 K
Pagefile Peak Usage : 776 K
File Attributes : A
==================================================
==================================================
Process Name : hpcmpmgr.exe
ProcessID : 2184
Priority : Normal
Product Name : hp coretech (COmponent REuse TECHnology)
Version : 2.1.1
Description : HP Framework Component Manager Service
Company : Hewlett-Packard Company
Window Title :
File Size : 233,472
File Created Date : 27/08/1424 04:51:18 م
File Modified Date : 27/08/1424 04:51:18 م
Filename : C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
Base Address : 0x00400000
Created On : 25/01/1429 11:10:25 م
Visible Windows : 0
Hidden Windows : 2
User Name : NAWAF\N a W a F
Mem Usage : 8792 K
Mem Usage Peak : 8804 K
Page Faults : 2615
Pagefile Usage : 5040 K
Pagefile Peak Usage : 5880 K
File Attributes : A
==================================================
==================================================
Process Name : hpotdd01.exe
ProcessID : 2228
Priority : Normal
Product Name : Hewlett-Packard hpotdd01
Version : 1, 0, 0, 1
Description : hpotdd01
Company : Hewlett-Packard
Window Title :
File Size : 229,437
File Created Date : 20/03/1424 03:37:08 م
File Modified Date : 20/03/1424 03:37:08 م
Filename : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Base Address : 0x00400000
Created On : 25/01/1429 11:10:25 م
Visible Windows : 0
Hidden Windows : 4
User Name : NAWAF\N a W a F
Mem Usage : 4488 K
Mem Usage Peak : 4488 K
Page Faults : 1806
Pagefile Usage : 1508 K
Pagefile Peak Usage : 1508 K
File Attributes : A
==================================================
==================================================
Process Name : InkMonitor.exe
ProcessID : 2260
Priority : Normal
Product Name : InkMonitor Application
Version : 2.1.2
Description : InkMonitor
Company :
Window Title :
File Size : 143,360
File Created Date : 02/01/1422 07:29:46 م
File Modified Date : 02/01/1422 07:29:46 م
Filename : C:\Program Files\Pokluda\InkMonitor\InkMonitor.exe
Base Address : 0x00400000
Created On : 25/01/1429 11:10:26 م
Visible Windows : 0
Hidden Windows : 4
User Name : NAWAF\N a W a F
Mem Usage : 3276 K
Mem Usage Peak : 3276 K
Page Faults : 879
Pagefile Usage : 856 K
Pagefile Peak Usage : 856 K
File Attributes : A
==================================================
==================================================
Process Name : avp.exe
ProcessID : 2284
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 7.0.0.125
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title :
File Size : 218,376
File Created Date : 13/06/1428 09:51:38 ص
File Modified Date : 13/06/1428 09:51:38 ص
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
Base Address : 0x00400000
Created On : 25/01/1429 11:10:26 م
Visible Windows : 0
Hidden Windows : 5
User Name : NAWAF\N a W a F
Mem Usage : 5748 K
Mem Usage Peak : 9424 K
Page Faults : 4576
Pagefile Usage : 5408 K
Pagefile Peak Usage : 5476 K
File Attributes : A
==================================================
==================================================
Process Name : ctfmon.exe
ProcessID : 2292
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : CTF Loader
Company : Microsoft Corporation
Window Title :
File Size : 15,360
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\ctfmon.exe
Base Address : 0x00400000
Created On : 25/01/1429 11:10:26 م
Visible Windows : 0
Hidden Windows : 5
User Name : NAWAF\N a W a F
Mem Usage : 3640 K
Mem Usage Peak : 3640 K
Page Faults : 1039
Pagefile Usage : 1040 K
Pagefile Peak Usage : 1052 K
File Attributes : A
==================================================
==================================================
Process Name : MsnMsgr.Exe
ProcessID : 2300
Priority : Normal
Product Name : Messenger
Version : 8.1.0178.00
Description : Messenger
Company : Microsoft Corporation
Window Title :
File Size : 5,674,352
File Created Date : 01/01/1428 08:55:14 م
File Modified Date : 01/01/1428 08:55:14 م
Filename : C:\Program Files\MSN Messenger\MsnMsgr.Exe
Base Address : 0x00400000
Created On : 25/01/1429 11:10:26 م
Visible Windows : 1
Hidden Windows : 38
User Name : NAWAF\N a W a F
Mem Usage : 11860 K
Mem Usage Peak : 48448 K
Page Faults : 30934
Pagefile Usage : 32456 K
Pagefile Peak Usage : 37424 K
File Attributes : A
==================================================
==================================================
Process Name : msmsgs.exe
ProcessID : 2308
Priority : Normal
Product Name : Messenger
Version : 4.7.3001
Description : Windows Messenger
Company : Microsoft Corporation
Window Title :
File Size : 1,694,208
File Created Date : 11/03/1428 07:02:58 ص
File Modified Date : 29/08/1425 04:24:37 م
Filename : C:\Program Files\Messenger\msmsgs.exe
Base Address : 0x01000000
Created On : 25/01/1429 11:10:26 م
Visible Windows : 0
Hidden Windows : 7
User Name : NAWAF\N a W a F
Mem Usage : 1772 K
Mem Usage Peak : 5264 K
Page Faults : 1786
Pagefile Usage : 1496 K
Pagefile Peak Usage : 1512 K
File Attributes :
==================================================
==================================================
Process Name : torcp.exe
ProcessID : 2324
Priority : Normal
Product Name : TorCP
Version : 0.0.4
Description : Tor Control Panel
Company : Matt Edman
Window Title :
File Size : 225,280
File Created Date : 11/11/1426 07:51:36 م
File Modified Date : 11/11/1426 07:51:36 م
Filename : C:\Program Files\TorCP\torcp.exe
Base Address : 0x00400000
Created On : 25/01/1429 11:10:26 م
Visible Windows : 0
Hidden Windows : 6
User Name : NAWAF\N a W a F
Mem Usage : 4524 K
Mem Usage Peak : 4624 K
Page Faults : 22198
Pagefile Usage : 1068 K
Pagefile Peak Usage : 1132 K
File Attributes : A
==================================================
==================================================
Process Name : StyleXP.exe
ProcessID : 2360
Priority : Normal
Product Name : StyleXP Application
Version : 0, 30, 19, 0
Description : StyleXP Application
Company :
Window Title :
File Size : 1,372,160
File Created Date : 26/04/1427 06:31:39 م
File Modified Date : 26/04/1427 06:31:39 م
Filename : C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
Base Address : 0x00400000
Created On : 25/01/1429 11:10:26 م
Visible Windows : 0
Hidden Windows : 3
User Name : NAWAF\N a W a F
Mem Usage : 16208 K
Mem Usage Peak : 16208 K
Page Faults : 9418
Pagefile Usage : 11664 K
Pagefile Peak Usage : 15640 K
File Attributes : A
==================================================
==================================================
Process Name : WMPNSCFG.exe
ProcessID : 2396
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 11.0.5721.5145 (WMP_11.061018-2006)
Description : ‎‎تطبيق تكوين خدمة مشاركة الشبكة لـ Windows Media Player
Company : Microsoft Corporation
Window Title :
File Size : 204,288
File Created Date : 11/11/1427 07:03:46 م
File Modified Date : 11/11/1427 07:03:46 م
Filename : C:\Program Files\Windows Media Player\WMPNSCFG.exe
Base Address : 0x01000000
Created On : 25/01/1429 11:10:26 م
Visible Windows : 0
Hidden Windows : 4
User Name : NAWAF\N a W a F
Mem Usage : 4404 K
Mem Usage Peak : 4404 K
Page Faults : 1164
Pagefile Usage : 1236 K
Pagefile Peak Usage : 1276 K
File Attributes :
==================================================
==================================================
Process Name : DUMeter.exe
ProcessID : 2416
Priority : Normal
Product Name : DU Meter
Version : 4.0 Build R3009
Description : DU Meter Monitor
Company : Hagel Technologies Ltd
Window Title : DU Meter
File Size : 2,582,288
File Created Date : 18/01/1429 09:15:36 م
File Modified Date : 04/10/1428 12:19:36 م
Filename : C:\Program Files\DU Meter\DUMeter.exe
Base Address : 0x00400000
Created On : 25/01/1429 11:10:26 م
Visible Windows : 1
Hidden Windows : 11
User Name : NAWAF\N a W a F
Mem Usage : 1440 K
Mem Usage Peak : 7780 K
Page Faults : 4510
Pagefile Usage : 4696 K
Pagefile Peak Usage : 5716 K
File Attributes : A
==================================================
==================================================
Process Name : IDMan.exe
ProcessID : 2444
Priority : Normal
Product Name : Internet Download Manager (IDM)
Version : 5.12.6.0
Description : Internet Download Manager (IDM)
Company : Tonec Inc.
Window Title : خصائص الملف
File Size : 2,577,840
File Created Date : 15/01/1429 01:06:25 م
File Modified Date : 25/01/1429 05:35:58 م
Filename : C:\Program Files\Internet Download Manager\IDMan.exe
Base Address : 0x00400000
Created On : 25/01/1429 11:10:26 م
Visible Windows : 2
Hidden Windows : 7
User Name : NAWAF\N a W a F
Mem Usage : 10568 K
Mem Usage Peak : 10568 K
Page Faults : 4223
Pagefile Usage : 4204 K
Pagefile Peak Usage : 4208 K
File Attributes : A
==================================================
==================================================
Process Name : BlueSoleil.exe
ProcessID : 2464
Priority : Normal
Product Name : BlueSoleil
Version : 1, 6, 1, 4
Description : Bluetooth Application
Company : IVT Corporation
Window Title :
File Size : 1,183,744
File Created Date : 16/03/1428 11:36:15 م
File Modified Date : 29/04/1426 08:23:08 م
Filename : C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
Base Address : 0x00400000
Created On : 25/01/1429 11:10:26 م
Visible Windows : 0
Hidden Windows : 8
User Name : NAWAF\N a W a F
Mem Usage : 11416 K
Mem Usage Peak : 11468 K
Page Faults : 4188
Pagefile Usage : 6568 K
Pagefile Peak Usage : 6628 K
File Attributes : A
==================================================
==================================================
Process Name : gce.exe
ProcessID : 2472
Priority : Normal
Product Name : gce
Version : 5.00
Description :
Company : Leithauser Research
Window Title : Clock Guard Enforcer
File Size : 30,720
File Created Date : 21/09/1428 02:34:22 م
File Modified Date : 23/06/1428 07:02:08 م
Filename : C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gce.exe
Base Address : 0x00400000
Created On : 25/01/1429 11:10:26 م
Visible Windows : 1
Hidden Windows : 3
User Name : NAWAF\N a W a F
Mem Usage : 3996 K
Mem Usage Peak : 3996 K
Page Faults : 1044
Pagefile Usage : 1120 K
Pagefile Peak Usage : 1124 K
File Attributes : A
==================================================
==================================================
Process Name : WZQKPICK.EXE
ProcessID : 2508
Priority : Normal
Product Name : WinZip
Version : 1.0 (32-bit)
Description : WinZip Executable
Company : WinZip Computing, S.L.
Window Title :
File Size : 394,856
File Created Date : 21/11/1428 08:10:00 ص
File Modified Date : 21/11/1428 08:10:00 ص
Filename : C:\Program Files\WinZip\WZQKPICK.EXE
Base Address : 0x00400000
Created On : 25/01/1429 11:10:27 م
Visible Windows : 0
Hidden Windows : 3
User Name : NAWAF\N a W a F
Mem Usage : 3292 K
Mem Usage Peak : 3292 K
Page Faults : 878
Pagefile Usage : 844 K
Pagefile Peak Usage : 844 K
File Attributes : AR
==================================================
==================================================
Process Name : gce.exe
ProcessID : 3592
Priority : Normal
Product Name : gce
Version : 5.00
Description :
Company : Leithauser Research
Window Title : wsgc
File Size : 30,720
File Created Date : 21/09/1428 02:34:22 م
File Modified Date : 23/06/1428 07:02:08 م
Filename : C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gce.exe
Base Address : 0x00400000
Created On : 25/01/1429 11:10:33 م
Visible Windows : 1
Hidden Windows : 2
User Name : NAWAF\N a W a F
Mem Usage : 3892 K
Mem Usage Peak : 3892 K
Page Faults : 1011
Pagefile Usage : 1116 K
Pagefile Peak Usage : 1120 K
File Attributes : A
==================================================
==================================================
Process Name : zpitsp.exe
ProcessID : 3924
Priority : Normal
Product Name : WatcherCG
Version : 1.01
Description :
Company : Leithauser Research
Window Title : ctgpp
File Size : 13,312
File Created Date : 21/09/1428 02:34:22 م
File Modified Date : 23/06/1428 06:43:56 م
Filename : C:\WINDOWS\zpitsp.exe
Base Address : 0x00400000
Created On : 25/01/1429 11:10:34 م
Visible Windows : 1
Hidden Windows : 3
User Name : NAWAF\N a W a F
Mem Usage : 3856 K
Mem Usage Peak : 3856 K
Page Faults : 1026
Pagefile Usage : 1116 K
Pagefile Peak Usage : 1116 K
File Attributes : A
==================================================
==================================================
Process Name : wmiprvse.exe
ProcessID : 1864
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 11/03/1428 07:02:08 ص
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 25/01/1429 11:10:35 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 5896 K
Mem Usage Peak : 5904 K
Page Faults : 1552
Pagefile Usage : 2168 K
Pagefile Peak Usage : 3092 K
File Attributes : A
==================================================
==================================================
Process Name : IEMonitor.exe
ProcessID : 3568
Priority : Normal
Product Name : IEMonitor Application
Version : 3, 0, 0, 1
Description : Internet Download Manager agent for click monitoring in IE-based browsers
Company : Tonec Inc.
Window Title :
File Size : 251,576
File Created Date : 15/01/1429 01:06:20 م
File Modified Date : 02/02/1428 02:53:52 م
Filename : C:\Program Files\Internet Download Manager\IEMonitor.exe
Base Address : 0x00400000
Created On : 25/01/1429 11:10:50 م
Visible Windows : 0
Hidden Windows : 3
User Name : NAWAF\N a W a F
Mem Usage : 5552 K
Mem Usage Peak : 5564 K
Page Faults : 1495
Pagefile Usage : 2872 K
Pagefile Peak Usage : 2888 K
File Attributes : A
==================================================
==================================================
Process Name : wuauclt.exe
ProcessID : 2872
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 7.0.6000.381 (winmain(wmbla).070730-1740)
Description : Windows Update Automatic Updates
Company : Microsoft Corporation
Window Title :
File Size : 53,080
File Created Date : 11/03/1428 07:04:37 ص
File Modified Date : 17/07/1428 02:19:16 ص
Filename : C:\WINDOWS\system32\wuauclt.exe
Base Address : 0x00400000
Created On : 25/01/1429 11:11:08 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 9740 K
Mem Usage Peak : 9744 K
Page Faults : 2753
Pagefile Usage : 6712 K
Pagefile Peak Usage : 6728 K
File Attributes : A
==================================================
==================================================
Process Name : usnsvc.exe
ProcessID : 784
Priority : Normal
Product Name : Messenger
Version : 8.1.0178.00
Description : Messenger Sharing USN Journal Reader Service
Company : Microsoft Corporation
Window Title :
File Size : 97,136
File Created Date : 01/01/1428 08:54:14 م
File Modified Date : 01/01/1428 08:54:14 م
Filename : C:\Program Files\MSN Messenger\usnsvc.exe
Base Address : 0x00400000
Created On : 25/01/1429 11:12:19 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2908 K
Mem Usage Peak : 2908 K
Page Faults : 786
Pagefile Usage : 984 K
Pagefile Peak Usage : 984 K
File Attributes : A
==================================================
==================================================
Process Name : tmcheck.exe
ProcessID : 1292
Priority : Normal
Product Name : LG Intelligent Update
Version : 1.00
Description :
Company : CST
Window Title :
File Size : 20,480
File Created Date : 11/03/1428 09:51:18 ص
File Modified Date : 12/11/1425 11:46:54 م
Filename : C:\Program Files\lg_swupdate\tmcheck.exe
Base Address : 0x00400000
Created On : 25/01/1429 11:12:43 م
Visible Windows : 0
Hidden Windows : 4
User Name : NAWAF\N a W a F
Mem Usage : 3528 K
Mem Usage Peak : 3528 K
Page Faults : 925
Pagefile Usage : 1060 K
Pagefile Peak Usage : 1064 K
File Attributes : A
==================================================
==================================================
Process Name : runn.exe
ProcessID : 1828
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 71,680
File Created Date : 25/01/1429 06:39:58 م
File Modified Date : 23/01/1429 10:24:25 م
Filename : C:\DOCUME~1\NAWAF~1\LOCALS~1\Temp\bntoz\runn.exe
Base Address : 0x00400000
Created On : 25/01/1429 11:14:08 م
Visible Windows : 0
Hidden Windows : 0
User Name : NAWAF\N a W a F
Mem Usage : 2496 K
Mem Usage Peak : 2508 K
Page Faults : 730
Pagefile Usage : 812 K
Pagefile Peak Usage : 916 K
File Attributes : A
==================================================
==================================================
Process Name : cmd.exe
ProcessID : 2704
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Command Processor
Company : Microsoft Corporation
Window Title :
File Size : 388,608
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\cmd.exe
Base Address : 0x4AD00000
Created On : 25/01/1429 11:14:08 م
Visible Windows : 0
Hidden Windows : 1
User Name : NAWAF\N a W a F
Mem Usage : 3024 K
Mem Usage Peak : 3092 K
Page Faults : 875
Pagefile Usage : 2136 K
Pagefile Peak Usage : 2212 K
File Attributes : A
==================================================
==================================================
Process Name : wmiprvse.exe
ProcessID : 1100
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 11/03/1428 07:02:08 ص
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 25/01/1429 11:14:10 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 5788 K
Mem Usage Peak : 5788 K
Page Faults : 1505
Pagefile Usage : 3016 K
Pagefile Peak Usage : 3016 K
File Attributes : A
==================================================
==================================================
Process Name : CProcess.exe
ProcessID : 2920
Priority : Normal
Product Name : CurrProcess
Version : 1.11
Description : CurrProcess
Company : NirSoft
Window Title :
File Size : 35,840
File Created Date : 25/01/1429 06:39:58 م
File Modified Date : 08/06/1426 04:46:34 ص
Filename : C:\DOCUME~1\NAWAF~1\LOCALS~1\Temp\bntoz\CProcess.exe
Base Address : 0x00400000
Created On : 25/01/1429 11:14:13 م
Visible Windows : 0
Hidden Windows : 0
User Name : NAWAF\N a W a F
Mem Usage : 2552 K
Mem Usage Peak : 2652 K
Page Faults : 1417
Pagefile Usage : 1100 K
Pagefile Peak Usage : 1200 K
File Attributes : A
==================================================
.
.
--------------------------\\\ End Report Of Running Processes ---------------
.
.
.
.
--------------------------\\\ Windows XP Startup List ---------------
.
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
autocheck autochk *
Auto Check Utility
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\autochk.exe
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
rdpclip
rdpclip
RDP Clip Monitor
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
Userinit Logon Application
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Explorer.exe
Explorer.exe
Windows Explorer
Microsoft Corporation
6.00.2900.3156
c:\windows\explorer.exe
c:\windows\Autorun.exe
c:\windows\Autorun.exe
File not found: c:\windows\Autorun.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NeroFilterCheck
C:\WINDOWS\system32\NeroCheck.exe
NeroCheck
Ahead Software Gmbh
1.00.0000.0002
c:\windows\system32\nerocheck.exe
LG Intelligent Update
"C:\Program Files\lg_swupdate\autoupdate.exe" Gilautouc
CST
1.00.0000.0000
c:\program files\lg_swupdate\autoupdate.exe
SynTPLpr
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
TouchPad Driver Helper Application
Synaptics, Inc.
7.12.0009.0004
c:\program files\synaptics\syntp\syntplpr.exe
SynTPEnh
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Synaptics TouchPad Enhancements
Synaptics, Inc.
7.12.0009.0004
c:\program files\synaptics\syntp\syntpenh.exe
batterymiser
"C:\Program Files\LG Software\Battery Miser 2005\batterymiser.exe"
Battery Miser
LG Electronics Inc.
3.37.0000.0000
c:\program files\lg software\battery miser 2005\batterymiser.exe
KeybdUtility
"C:\Program Files\LG Software\On Screen Display\Hotkey.exe"
HotKey
LG Electronics
1.00.0000.0000
c:\program files\lg software\on screen display\hotkey.exe
High Definition Audio Property Page Shortcut
HDAShCut.exe
High Definition Audio Property Page Shortcut v1.0a
Windows (R) Server 2003 DDK provider
5.10.0001.5013
c:\windows\system32\hdashcut.exe
AGRSMMSG
AGRSMMSG.exe
SoftModem Messaging Applet
Agere Systems
2.01.0047.0008
c:\windows\agrsmmsg.exe
Cmaudio
RunDll32 cmicnfg.cpl,CMICtrlWnd
CmiCnfg DLL
C-Media Corporation
1.00.0046.0004
c:\windows\system\cmicnfg.cpl
igfxtray
C:\WINDOWS\system32\igfxtray.exe
igfxTray Module
Intel Corporation
3.00.0000.4497
c:\windows\system32\igfxtray.exe
igfxhkcmd
C:\WINDOWS\system32\hkcmd.exe
hkcmd Module
Intel Corporation
3.00.0000.4497
c:\windows\system32\hkcmd.exe
igfxpers
C:\WINDOWS\system32\igfxpers.exe
persistence Module
Intel Corporation
3.00.0000.4497
c:\windows\system32\igfxpers.exe
lrrpfgcp
C:\WINDOWS\lrrpfgcp.exe
Leithauser Research
1.00.0000.0000
c:\windows\lrrpfgcp.exe
TkBellExe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
RealNetworks Scheduler
RealNetworks, Inc.
0.01.0000.3760
c:\program files\common files\real\update_ob\realsched.exe
IPO3
"C:\Program Files\LG Software\IP Operator 2005\IP Operator 2005.exe" -aUtOsTaRtFrOmReG
IPO3 MFC ?? ????
1.00.0000.0001
c:\program files\lg software\ip operator 2005\ip operator 2005.exe
Explorer
C:\WINDOWS\iexplorer.exe
File not found: C:\WINDOWS\iexplorer.exe
SunJavaUpdateSched
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
Java(TM) Platform SE binary
Sun Microsystems, Inc.
6.00.0030.0005
c:\program files\java\jre1.6.0_03\bin\jusched.exe
HPDJ Taskbar Utility
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
HP
2.236.0004.0000
c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
HP Software Update
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
hpwuSchd
Hewlett-Packard
1.00.0000.0002
c:\program files\hewlett-packard\hp software update\hpwuschd.exe
HP Component Manager
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HP Framework Component Manager Service
Hewlett-Packard Company
2.01.0001.0000
c:\program files\hp\hpcoretech\hpcmpmgr.exe
DeviceDiscovery
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
hpotdd01
Hewlett-Packard
1.00.0000.0001
c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
InkMonitor
C:\Program Files\Pokluda\InkMonitor\InkMonitor.exe
InkMonitor
2.01.0002.0001
c:\program files\pokluda\inkmonitor\inkmonitor.exe
AVP
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
Kaspersky Anti-Virus
Kaspersky Lab
7.00.0000.0125
c:\program files\kaspersky lab\kaspersky internet security 7.0\avp.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BlueSoleil.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
Bluetooth Application
IVT Corporation
1.06.0001.0004
c:\program files\ivt corporation\bluesoleil\bluesoleil.exe
gce.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gce.exe
Leithauser Research
5.00.0000.0000
c:\documents and settings\all users\start menu\programs\startup\gce.exe
WinZip Quick Pick.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
WinZip Executable
WinZip Computing, S.L.
1.00.7403.0000
c:\program files\winzip\wzqkpick.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
CTF Loader
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\ctfmon.exe
MsnMsgr
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Messenger
Microsoft Corporation
8.01.0178.0000
c:\program files\msn messenger\msnmsgr.exe
MSMSGS
"C:\Program Files\Messenger\msmsgs.exe" /background
Windows Messenger
Microsoft Corporation
4.07.0000.3001
c:\program files\messenger\msmsgs.exe
TorCP
C:\Program Files\TorCP\torcp.exe
Tor Control Panel
Matt Edman
0.00.0004.0000
c:\program files\torcp\torcp.exe
STYLEXP
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
StyleXP Application
0.30.0000.0000
c:\program files\tgtsoft\stylexp\stylexp.exe
BitComet
"D:\Program Files\BitComet\BitComet.exe" /tray
File not found: D:\Program Files\BitComet\BitComet.exe
WMPNSCFG
C:\Program Files\Windows Media Player\WMPNSCFG.exe
‎‎تطبيق تكوين خدمة مشاركة الشبكة لـ Windows Media Player
Microsoft Corporation
11.00.5721.5145
c:\program files\windows media player\wmpnscfg.exe
DU Meter
C:\Program Files\DU Meter\DUMeter.exe
DU Meter Monitor
Hagel Technologies Ltd
4.00.3009.0000
c:\program files\du meter\dumeter.exe
IDMan
C:\Program Files\Internet Download Manager\IDMan.exe /onboot
Internet Download Manager (IDM)
Tonec Inc.
5.12.0006.0000
c:\program files\internet download manager\idman.exe
.
.
----------- End Report ---------------

زيزوووم
03-02-2008, 12:10 AM
This is my report :iconmju30:

SmitFraudFix v2.278
Scan done at 22:48:01.32, Sat 02/02/2008
Run from C:\Documents and Settings\Administrator\Application Data\IDM\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
127.0.0.1 www.winantivirus.com
127.0.0.1 winantivirus.com

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: VIA Compatable Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E5BFA856-32AA-485B-92CC-77C00139DFE2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E5BFA856-32AA-485B-92CC-77C00139DFE2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E5BFA856-32AA-485B-92CC-77C00139DFE2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Excellent, excellent :noskjiuyweat:

زيزوووم
03-02-2008, 12:23 AM
.
-

If you please, close the Internet browser,
and using the Hijack This program that you made the report with,
run a new scan, tick these entries >>> and press Fix Checked


O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll (file missing)


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\icom accelerator\components\NOWImaging.dll (file missing)


O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)


O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplorer.exe


O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)






And this is an illustration of the process (( the values are not real, they are only for illustration ))
http://www.zyzoom.net/vb_up/upload/wh_28637394.png


-----------------------------



After that, restart your computer,
and use the first tool ( at this link http://www.zyzoom.org/vb/t3368.html )
so that we can make sure the file has been deleted

نوووف
03-02-2008, 12:27 AM
Excellent, excellent :noskjiuyweat:


:iconmju30:

May God give you a million blessings of good health, may God grant you success :icofdren31:

طير الامارات
03-02-2008, 12:33 AM
Thank you, my dear brother, for the effort

أسير&الشعر
03-02-2008, 01:19 AM
This is the new report..

I swear to God I have troubled you with this, but bear with me, my dear friend..

SmitFraudFix v2.278
Scan done at 1:12:55.60, Sun 02/03/2008
Run from C:\Documents and Settings\N a W a F\Application Data\IDM\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 2200BG Network Connection - Kaspersky Anti-Virus NDIS Miniport
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{61548549-345D-4C98-92C3-62421BF61BBC}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{61548549-345D-4C98-92C3-62421BF61BBC}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{61548549-345D-4C98-92C3-62421BF61BBC}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

زيزوووم
03-02-2008, 01:43 AM
:iconmju30:

May God give you a million blessings of good health, may God grant you success :icofdren31:


May God keep you well, and thank you, my dear sister

زيزوووم
03-02-2008, 01:43 AM
Thank you, my dear brother, for the effort


You are welcome, and thank you, my dear friend

زيزوووم
03-02-2008, 01:46 AM
This is the new report..

I swear to God I have troubled you with this, but bear with me, my dear friend..


»»»»»»»»»»»»»»»»»»»»»»»» End

You are a brother and a dear friend, may God bless you

Praise be to God, the file has been deleted


Good luck :smile:

أسير&الشعر
03-02-2008, 02:36 AM
May God give you good health, you did all you could, my dear friend..

Bye

شتيوي2006
04-02-2008, 10:36 AM
Niiice

Q1\ I have a second computer, will you let me bring its report?

If you please, here is the report, have a look, how sweet this report is, it is tiny and looks fine >>> I am worried

SmitFraudFix v2.280
Scan done at 10:30:29.25, Mon 02/04/2008
Run from C:\Documents and Settings\user\Application Data\IDM\DwnlData\user\SmitfraudFix_548\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\alxres.dll Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Atheros AR5005G Wireless Network Adapter - منفذ مصغر لجدولة الحزم
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9FD042C7-BBA4-4998-B439-E188E3B071E3}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9FD042C7-BBA4-4998-B439-E188E3B071E3}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9FD042C7-BBA4-4998-B439-E188E3B071E3}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

rolex
15-02-2008, 02:22 PM
http://www.ieeegoldegypt.org/mie/new/admin/upload/upimg/thanks.gif

مهاوي وبس
15-02-2008, 02:39 PM
Thank you all


This is the report and I hope for a reply

right away,
if possible

SmitFraudFix v2.289
Scan done at 14:36:23.71, Fri 02/15/2008
Run from C:\Documents and Settings\Administrator\Application Data\IDM\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 3945BG Network Connection - منفذ مصغر لجدولة الحزم
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E2D25313-43BA-4252-8D6F-9558AD9B39B5}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E2D25313-43BA-4252-8D6F-9558AD9B39B5}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

مهاوي وبس
15-02-2008, 03:59 PM
Where are you all


Please
reply


Is there a problem with my computer
or not

غَيّوضْ
15-02-2008, 08:46 PM
May God give you good health, زيزووووم

I scanned my computer and this is the report, if you please


SmitFraudFix v2.289
Scan done at 20:38:43.31, Fri 02/15/2008
Run from C:\Users\Dell\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
::1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End






Please let me know the result


( My motto: bear with me, I am a beginner )

ريح المطر
16-02-2008, 01:04 AM
May God give you a thousand blessings of good health, and this is my computer's report


SmitFraudFix v2.289
Scan done at 0:57:44.89, Sat 02/16/2008
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: VIA Rhine II Fast Ethernet Adapter
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D15ABA7F-A60B-4411-997B-8A47DAE2548C}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D15ABA7F-A60B-4411-997B-8A47DAE2548C}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D15ABA7F-A60B-4411-997B-8A47DAE2548C}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

نادين المامون
21-02-2008, 05:39 PM
A wonderful tool


Could we have a simple explanation of how to analyze the report ourselves?

زيزوووم
21-02-2008, 08:41 PM
A warm welcome to everyone, I was very happy with your presence and your lovely replies, heartfelt greetings to all

زيزوووم
21-02-2008, 08:42 PM
Niiice

Q1\ I have a second computer, will you let me bring its report?

If you please, here is the report, have a look, how sweet this report is, it is tiny and looks fine >>> I am worried

SmitFraudFix v2.280
Scan done at 10:30:29.25, Mon 02/04/2008
Run from C:\Documents and Settings\user\Application Data\IDM\DwnlData\user\SmitfraudFix_548\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\alxres.dll Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Atheros AR5005G Wireless Network Adapter - منفذ مصغر لجدولة الحزم
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9FD042C7-BBA4-4998-B439-E188E3B071E3}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9FD042C7-BBA4-4998-B439-E188E3B071E3}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9FD042C7-BBA4-4998-B439-E188E3B071E3}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Thank you all


This is the report and I hope for a reply

right away,
if possible

SmitFraudFix v2.289
Scan done at 14:36:23.71, Fri 02/15/2008
Run from C:\Documents and Settings\Administrator\Application Data\IDM\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 3945BG Network Connection - منفذ مصغر لجدولة الحزم
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E2D25313-43BA-4252-8D6F-9558AD9B39B5}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E2D25313-43BA-4252-8D6F-9558AD9B39B5}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

May God give you good health, زيزووووم

I scanned my computer and this is the report, if you please


SmitFraudFix v2.289
Scan done at 20:38:43.31, Fri 02/15/2008
Run from C:\Users\Dell\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
::1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End






Please let me know the result


( My motto: bear with me, I am a beginner )

Sorry for the delay,

All the reports are clean

زيزوووم
21-02-2008, 08:47 PM
A wonderful tool


Could we have a simple explanation of how to analyze the report ourselves?


Welcome, my dear sister,

The analysis is easy, because it searches for specific programs,
and they are listed here

http://siri.geekstogo.com/SmitfraudFix.php
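
One way to read a report like the ones posted in this thread section by section, as an added example that is not part of the thread and not SmitfraudFix's own code. The function names, the sample report (its file and host names are constructed) and the review heuristics (hosts entries that do not point to loopback, DNS servers outside private ranges, a non-empty Winlogon "System" value) are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample in the layout of the reports posted in this thread;
# the deleted file and the two non-localhost hosts entries are made up.
SAMPLE_REPORT = r'''SmitFraudFix v2.289
Scan done at 18:45:28.21, Tue 04/01/2008
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
127.0.0.1 blocked.example ## added by CiD
203.0.113.7 search.example
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\sample.dll Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» End
'''

SECTION = re.compile(r"^»+\s*(.+?)\s*$")  # a run of » followed by the title


def split_sections(text):
    """Return (preamble_lines, {section title: [non-empty lines]})."""
    preamble, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif line:
            (preamble if current is None else current).append(line)
    return preamble, sections


def triage(text):
    """Pull out the lines of a report that deserve a second look."""
    preamble, sections = split_sections(text)
    r = {"mode": None, "deleted": [], "hosts_blocked": [],
         "hosts_redirected": [], "dns_to_verify": [],
         "winlogon_system": None, "lsp_not_found": False}
    for line in preamble:
        m = re.match(r"Fix run in (\w+) mode", line)
        if m:
            r["mode"] = m.group(1)
    # hosts: loopback targets only block a name; any other target redirects it
    for line in sections.get("hosts", []):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            if name.lower() == "localhost" or name.startswith("("):
                continue  # "(http://...)" is forum link residue, not a host
            if ip.is_loopback or ip.is_unspecified:
                r["hosts_blocked"].append(name)
            else:
                r["hosts_redirected"].append((name, fields[0]))
    # files the tool reports as removed
    for line in sections.get("Deleting infected files", []):
        if line.endswith(" Deleted"):
            r["deleted"].append(line[:-len(" Deleted")])
    # resolvers outside private ranges should be confirmed with the ISP/router
    for line in sections.get("DNS", []):
        m = re.search(r"(?:NameServer=|Search Order:\s*)(.+)$", line)
        for token in re.split(r"[\s,]+", m.group(1).strip()) if m else []:
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue
            if not ip.is_private and token not in r["dns_to_verify"]:
                r["dns_to_verify"].append(token)
    for line in sections.get("Winlogon.System", []):
        m = re.match(r'"System"="(.*)"$', line)
        if m:
            r["winlogon_system"] = m.group(1)
    r["lsp_not_found"] = any("LSP not Found" in l
                             for l in sections.get("Winsock2 Fix", []))
    return r


def needs_review(r):
    """True when the report shows something beyond the tool's fixed headers."""
    return bool(r["deleted"] or r["hosts_redirected"]
                or r["dns_to_verify"] or r["winlogon_system"])


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(result, needs_review(result))
```

A report that lists only `127.0.0.1 localhost`, an empty "Deleting infected files" section and a private DNS server comes back with nothing to review, which matches the reports judged clean in this thread.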

zoro779
25-03-2008, 03:41 PM
Thanks

طائفي نت
01-04-2008, 06:41 PM
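May God reward you well and may God have mercy on your parents

This is indeed the problem I had, especially the last picture, "the warning message, I believe"

I tried the tool in Safe Mode and, good news, everything is fine, the problem is solved :ok:

May God forgive you and forgive your parents and have mercy on them; He is indeed able to do that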

مهاوي وبس
01-04-2008, 06:50 PM
May God bless you all

This is the report

SmitFraudFix v2.289
Scan done at 18:45:28.21, Tue 04/01/2008
Run from C:\Documents and Settings\Administrator\Application Data\IDM\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
127.0.0.1 www.winantivirus.com
127.0.0.1 winantivirus.com

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\Tasks\At?.job Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 3945BG Network Connection - منفذ مصغر لجدولة الحزم
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E2D25313-43BA-4252-8D6F-9558AD9B39B5}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E2D25313-43BA-4252-8D6F-9558AD9B39B5}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

مهاوي وبس
01-04-2008, 06:51 PM
God bless you

And here is the report

SmitFraudFix v2.289
Scan done at 18:45:28.21, Tue 04/01/2008
Run from C:\Documents and Settings\Administrator\Application Data\IDM\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
127.0.0.1 www.winantivirus.com
127.0.0.1 winantivirus.com

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\Tasks\At?.job Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 3945BG Network Connection - منفذ مصغر لجدولة الحزم
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E2D25313-43BA-4252-8D6F-9558AD9B39B5}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E2D25313-43BA-4252-8D6F-9558AD9B39B5}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

ابومشاري22
01-04-2008, 08:28 PM
For scanning and cleaning the computer of annoying ads, thank you, much appreciated

الوليد المنصوري
09-04-2008, 10:37 AM
http://www.ieeegoldegypt.org/mie/new/admin/upload/upimg/thanks.gif

Well done, زيزوم

Thank you. Were it not for God and then this tool, I would not have been able to solve my problem

And the explanation is thorough and complete

May God reward you well

My regards to you

الشهاب المضيء
17-04-2008, 03:45 PM
May God reward you well, my dear brother, and here is my report
SmitFraudFix v2.314

Scan done at 15:32:01.45, Thu 04/17/2008
Run from C:\Users\alshehab\Documents\Downloads\Programs\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
127.0.0.1 update.bitdefender.com127.0.0.1 update.bitdefender.com

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 3945ABG Network Connection
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B3003088-8454-45E4-9B9D-63C5F48EFC63}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B3003088-8454-45E4-9B9D-63C5F48EFC63}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B3003088-8454-45E4-9B9D-63C5F48EFC63}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll



»»»»»»»»»»»»»»»»»»»»»»»» End



I ask God the Generous, Lord of the Mighty Throne, to have mercy on your parents

غروري ضروري
15-05-2008, 11:55 PM
SmitFraudFix v2.320
Scan done at 23:42:35.01, Thu 05/15/2008
Run from C:\Documents and Settings\Microsoft\My Documents\Downloads\Programs\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 2200BG Network Connection - Kaspersky Anti-Virus NDIS Miniport
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{1ED7AF87-E0AF-4530-84FB-697B188F99DF}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1ED7AF87-E0AF-4530-84FB-697B188F99DF}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1ED7AF87-E0AF-4530-84FB-697B188F99DF}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End




Find me a solution, زيزووووم. I swear these ads are driving me crazy. If one shows up today I will attach a picture of the ad for you
And here is the picture, brothers, please help me
http://www.zyzoom.net/vb_up/uploads/images/zyzoom-fcf5a7d41e.png

عصام ابوهيبه
16-05-2008, 12:01 AM
May God reward you well

مؤمن من
16-05-2008, 02:30 PM
Thank you so much, boss
A wonderful tool

هاوي النت
16-05-2008, 02:47 PM
May God reward you well, my brother تركي. May God grant you success and have mercy on your parents

حطمتني
16-05-2008, 03:07 PM
May God give you strength

زيزوم, and may God have mercy on your parents

for your wonderful effort :ok:

And may God not deprive you of the reward, amen

=========

Here is the report, with your permission


SmitFraudFix v2.320
Scan done at 14:50:32.20, Fri 05/16/2008
Run from C:\Program Files\ê¤é§ ¤§ï§\Avant Browser\Skins\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 195.226.228.72
DNS Server Search Order: 195.226.228.74
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3773ED7B-687C-44A9-8B35-102D9A92E776}: NameServer=195.226.228.72 195.226.228.74
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3773ED7B-687C-44A9-8B35-102D9A92E776}: NameServer=195.226.228.72 195.226.228.74

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End



======


Much obliged, زيزوم. I will attach my HijackThis report; I really feel my computer is acting up

=========


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:57:19 م, on 16/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\AVANTB~1\avant.exe
C:\PROGRA~1\AVANTB~1\avant.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\AirLive\Bluetooth Softw\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Norman\Bin\Zanda.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Program Files\داونلود\Internet Download Manager\IEMonitor.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\مجلد جديد\Avant Browser\avant.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MRT.exe
D:\برامج\تعريب البرامج\برنامج ResHacker\أنقليزي\ResHacker.exe
D:\برامج\تعريب البرامج\برنامج ResHacker\ResHacker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
D:\برامج\برامج منوعه\الهايجاك\Zyzoom_HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\داونلود\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\gram beep.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [save amen] C:\DOCUME~1\Winxp\APPLIC~1\DRAWSU~1\One blah.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\داونلود\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\AirLive\Bluetooth Softw\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\داونلود\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\داونلود\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\داونلود\Internet Download Manager\IEGetVL.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\AirLive\Bluetooth Softw\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\AirLive\Bluetooth Softw\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3773ED7B-687C-44A9-8B35-102D9A92E776}: NameServer = 195.226.228.72 195.226.228.74
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\AirLive\Bluetooth Softw\bin\btwdins.exe
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
--
End of file - 6952 bytes

=========

May God give you strength and health

Waiting for you :)

alaswedy
16-05-2008, 03:48 PM
Thank you, brother, for the explanation

زيزوووم
16-05-2008, 11:38 PM
Hello and a warm welcome to you all ... and thank you, dear ones

My dear friends, your presence here has pleased and honored me

Thank you for your kind replies ... and may God give you strength

زيزوووم
16-05-2008, 11:41 PM
Sorry for the delay, my friends ...

And all the reports are clean

زيزوووم
16-05-2008, 11:45 PM
Find me a solution, زيزووووم. I swear these ads are driving me crazy. If one shows up today I will attach a picture of the ad for you
And here is the picture, brothers, please help me

( 1 )

Disable all protection programs,
then download this tool and save it to the desktop
http://download.bleepingcomputer.com/sUBs/********.exe

When you run it a message will appear; click >> Yes
Then a second message will appear; click >> Yes

Wait until the tool finishes scanning your machine; your machine will then restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it into your next reply

--------------------------------------------

( 2 )

And produce a HijackThis report
http://download.hijackthis.eu/hijackthis_199.zip

When the download finishes ==> run the program ==> and click Do a system scan and save log
After a few moments a report will appear; copy it and paste it into your next reply

زيزوووم
16-05-2008, 11:50 PM
May God give you strength

زيزوم, and may God have mercy on your parents

for your wonderful effort :ok:

And may God not deprive you of the reward, amen

=========
=========

May God give you strength and health

Waiting for you :)

And may He have mercy on your parents and bless you

Close the web browser
and, using the Hijack This program you made the report with,
run a new scan, tick these entries >>> and click Fix Checked

O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\gram beep.exe


O4 - HKCU\..\Run: [save amen] C:\DOCUME~1\Winxp\APPLIC~1\DRAWSU~1\One blah.exe

And here is an illustration of the process (( the values are not real, they are only for illustration ))
http://www.zyzoom.net/vb_up/upload/wh_28637394.png

غروري ضروري
17-05-2008, 01:44 AM
Thank you so much for your patience and for helping me and all the members
Here is the HijackThis report
Logfile of HijackThis v1.99.1
Scan saved at 01:29:13 ص, on 17/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\documents and settings\microsoft\local settings\application data\xtbvqc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Microsoft\My Documents\Downloads\Programs\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [Vistadrv] C:\Documents and Settings\Microsoft\My Documents\Downloads\Compressed\لتحويل شكل الدرايفرات\vsdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [xtbvqc] c:\documents and settings\microsoft\local settings\application data\xtbvqc.exe xtbvqc
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\Microsoft\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\Microsoft\Application Data\CyberScrub\Privacy Suite"
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
And this is the tool's report.
Thanks again,
and may God have mercy on your parents and the parents of all Muslims.
******** 08-05-15.3 - Microsoft 05/17/2008 1:32:27.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.166 [GMT 3:00]
Running from: C:\Documents and Settings\Microsoft\My Documents\Downloads\Programs\********.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Microsoft\Local Settings\Application Data\xtbvqc.dat
C:\Documents and Settings\Microsoft\Local Settings\Application Data\xtbvqc.exe
c:\Documents and Settings\Microsoft\Local Settings\Application Data\xtbvqc_nav.dat
c:\Documents and Settings\Microsoft\Local Settings\Application Data\xtbvqc_navps.dat
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\nvs2.inf
.
((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 22:35 3,276 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-16 22:35 16,416 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-16 22:35 146,976 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-16 22:35 1,136 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-16 20:50 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\CyberScrub
2008-05-16 20:50 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\cleaner
2008-05-15 20:42 2,396 ----a-w C:\WINDOWS\system32\tmp.reg
2008-05-11 01:26 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\Nokia Multimedia Player
2008-05-09 19:02 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\PC Suite
2008-05-09 19:02 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\Nokia
2008-05-09 19:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-09 19:01 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-05-09 19:01 --------- d-----w C:\Program Files\DIFX
2008-05-09 19:01 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-05-09 19:01 --------- d-----w C:\Program Files\Common Files\Nokia
2008-05-09 19:00 --------- d-----w C:\Program Files\Nokia
2008-05-09 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-05-09 17:42 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-09 17:42 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-09 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-08 20:29 --------- d-----w C:\Program Files\Java
2008-05-08 20:29 --------- d-----w C:\Program Files\Common Files\Java
2008-05-08 02:23 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-08 01:51 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-08 01:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-07 11:38 --------- d-----w C:\Program Files\iVocalize Web Conference 4
2008-05-05 23:46 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-05 23:46 --------- d-----w C:\Program Files\Real
2008-05-05 23:46 --------- d-----w C:\Program Files\Common Files\Real
2008-05-05 19:16 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\CyberLink
2008-05-05 18:14 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\ACD Systems
2008-05-05 18:06 64,801 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-05-05 18:06 6,118 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-05-05 18:06 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-05-05 18:06 218,624 ----a-w C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-05-05 17:41 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\IDM
2008-05-05 17:41 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\DMCache
2008-05-05 17:15 --------- d-----w C:\Program Files\ClocX
2008-05-05 17:14 --------- d-----w C:\Program Files\KMPlayer
2008-05-05 17:13 --------- d-----w C:\Program Files\SiteAdvisor
2008-05-05 17:13 --------- d-----w C:\Program Files\Internet Download Manager
2008-05-05 17:13 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\SiteAdvisor
2008-05-05 17:13 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-05-05 17:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-05 17:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-05 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-05-05 16:19 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-05 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-05-05 16:16 --------- d-----w C:\Program Files\NCH Swift Sound
2008-05-05 16:16 --------- d-----w C:\Program Files\CyberLink
2008-05-05 16:14 90,112 ----a-w C:\WINDOWS\system32\agsaami.dll
2008-05-05 16:14 610,304 ----a-w C:\WINDOWS\system32\agsaamg.dll
2008-05-05 16:14 372,736 ----a-w C:\WINDOWS\system32\agsaamc.dll
2008-05-05 16:14 2,535,424 ----a-w C:\WINDOWS\system32\agsaamj.dll
2008-05-05 16:14 196,608 ----a-w C:\WINDOWS\system32\maag.dll
2008-05-05 16:14 1,986,560 ----a-w C:\WINDOWS\system32\akll.dll
2008-05-05 16:14 1,245,184 ----a-w C:\WINDOWS\system32\bkll.dll
2008-05-05 16:14 1,212,416 ----a-w C:\WINDOWS\system32\ckll.dll
2008-05-05 16:14 --------- d-----w C:\Program Files\Real_SC
2008-05-05 16:05 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-05 15:45 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\BSplayer Pro
2008-05-05 15:44 --------- d-----w C:\Program Files\Webteh
2008-05-05 15:44 --------- d-----w C:\Program Files\Paltalk Messenger
2008-05-05 15:44 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-05 15:44 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\Paltalk
2008-05-05 15:43 --------- d-----w C:\Program Files\Windows Live
2008-05-05 15:42 --------- d-----w C:\Program Files\Yahoo!
2008-05-05 15:42 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-05-05 15:42 --------- d-----w C:\Program Files\ACD Systems
2008-05-05 15:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-05-05 15:34 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-05 15:33 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-05 15:33 --------- d-----w C:\Program Files\Ahead
2008-05-05 15:32 155,995 ----a-w C:\WINDOWS\java\Packages\2B57R9Z7.ZIP
2008-05-05 15:28 --------- d-----w C:\Program Files\Microsoft Works
2008-05-05 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-05 15:16 --------- d-----w C:\Program Files\Apoint
2008-05-05 15:03 --------- d-----w C:\Program Files\Dell
2008-05-05 14:51 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\Toshiba
2008-05-05 14:49 --------- d-----w C:\Program Files\Toshiba
2008-05-05 14:48 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\Intel
2008-05-05 14:47 17,056 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-05 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-05-05 14:44 --------- d-----w C:\Program Files\Broadcom
2008-05-05 14:42 --------- d-----w C:\Program Files\CONEXANT
2008-05-05 14:31 --------- d-----w C:\Program Files\SigmaTel
2008-05-05 14:29 --------- d-----w C:\Program Files\Intel
2008-05-05 14:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-05 14:27 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-05 14:20 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-25 15:22 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
2008-04-25 15:21 26,964 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-04-16 11:23 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-03-25 17:07 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
2008-03-25 04:49 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:49 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:49 158,496 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:49 158,496 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:04 1,845,120 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:04 1,845,120 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2006-06-27 02:40 571,184 --sha-r C:\WINDOWS\system32\legitcheckcontrol.dll
2004-08-03 21:56 59,904 --sha-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
04/25/2008 06:22 PM 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 09:56 PM 15360]
"ClocX"="C:\Program Files\ClocX\ClocX.exe" [04/13/2004 05:12 PM 103936]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [05/05/2008 08:13 PM 932864]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM 5724184]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [03/26/2008 06:41 PM 1232896]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [04/16/2008 12:53 PM 1079808]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Privacy Suite"="C:\Documents and Settings\Microsoft\Application Data\cleaner\CSPSeraser.exe" [11/20/2007 02:19 PM 872080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/03/2004 09:56 PM 110592 C:\WINDOWS\system32\bthprops.cpl]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/30/2004 02:59 PM 385024]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [03/04/2005 11:26 AM 606208]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [09/13/2004 11:33 AM 155648]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [02/15/2005 09:02 AM 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [02/15/2005 09:02 AM 126976]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM 155648]
"Device Detector"="DevDetect.exe" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM 32768]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [12/05/2007 12:03 AM 36640]
"ClocX"="C:\Program Files\ClocX\ClocX.exe" [04/13/2004 05:12 PM 103936]
"Vistadrv"="C:\Documents and Settings\Microsoft\My Documents\Downloads\Compressed\لتحويل شكل الدرايفرات\vsdrv.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 03:43 AM 83608]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/15/2008 12:21 AM 185896]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [04/25/2008 06:21 PM 201992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/03/2004 09:56 PM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll 07/22/2006 11:49 PM 5376 C:\WINDOWS\system32\antiwpa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 04:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Paltalk Messenger\\PALTALK.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3130:UDP"= 3130:UDP:Windows Media Format SDK (IEXPLORE.EXE)
"3131:UDP"= 3131:UDP:Windows Media Format SDK (IEXPLORE.EXE)
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [03/25/2008 08:07 PM]
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [09/17/2007 03:53 PM]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 01:36:54
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> C:\Program Files\SiteAdvisor\6253\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\WLKEEPER.EXE
C:\PROGRAM FILES\DELL\NICCONFIGSVC\NICCONFIGSVC.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE
C:\PROGRAM FILES\SITEADVISOR\6253\SASERVICE.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\ZCFGSVC.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\ACD SYSTEMS\EN\DEVDETECT.EXE
C:\PROGRAM FILES\APOINT\APNTEX.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\BRICOPACKS\VISTA INSPIRAT 2\ROCKETDOCK\ROCKETDOCK.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 05/17/2008 1:38:50 - machine was rebooted
********-quarantined-files.txt 2008-05-16 22:38:42
Pre-Run: 21,152,989,184 bytes free
Post-Run: 21,101,543,424 bytes free
236 --- E O F --- 2008-05-16 03:33:42

زيزوووم
17-05-2008, 09:01 AM
God bless you and keep you safe.
Malicious files were found on your machine :hh: and they were deleted.

Have the messages disappeared??

If you don't mind, please make a new Hijack report.

غروري ضروري
17-05-2008, 09:50 AM
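May God reward you, my dear friend.
I don't know, because they don't show up constantly, but since the analysis in the previous reply they haven't come back.
God willing they have been deleted, because honestly they are a nuisance.
And this is the new analysis.
Thank you very much for your patience, my dear friend.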
Logfile of HijackThis v1.99.1
Scan saved at 09:48:22 ص, on 17/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Microsoft\My Documents\Downloads\Programs\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [Vistadrv] C:\Documents and Settings\Microsoft\My Documents\Downloads\Compressed\لتحويل شكل الدرايفرات\vsdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\Microsoft\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\Microsoft\Application Data\CyberScrub\Privacy Suite"
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

زيزوووم
17-05-2008, 11:19 AM
May He reward you too and bless you.

The report is fine now.

Good luck.