مشكلة تعليق و مادري وش قصو اكسبلورر

[ديدودا]

السلام عليكم

مشكلتي بدت اليوم
كنت قاعد اتصفح عادي

حسيت انو الجهاز صار ابطئ قليلا

وقلت عادي بس لما طفيته
وشغلتة

جتني ذي الصورة

ومادري وش تقصد اول مرة اشوفها

وعدين علق الجهاز وشوف إدارة المهام

وهذا هاي جيك

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:37:36 م, on 29/05/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [HKLM] C:\update\explorer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TransBar] C:\Documents and Settings\Administrator\My Documents\transpar\TransBar.exe /s
O4 - HKCU\..\Run: [HKCU] C:\update\explorer.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\update\explorer.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\update\explorer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Show all images in original quality - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX2\originalAll.htm
O8 - Extra context menu item: Show image in original quality - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX2\original.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O17 - HKLM\System\CCS\Services\Tcpip\..\{3EAA4078-4B22-43E6-8851-512B9479FB53}: NameServer = 80.118.196.36,156.154.70.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA207EB8-3BD1-435F-B6F0-1C0BCE8C655A}: NameServer = 80.118.196.36,156.154.70.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF38C250-928B-4404-A839-7C7AA94DA6E2}: NameServer = 129.250.35.251,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{3EAA4078-4B22-43E6-8851-512B9479FB53}: NameServer = 80.118.196.36,156.154.70.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: البرنامج الخفي لذاكرة التخزين المؤقت لفئات المكونات - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ESET SHA Service (ESHASRV) - ESET - C:\Program Files\ESET\ESET Smart Security\EShaSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 7932 bytes

وهذي قايئمة البرامج

µTorrent
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11.5
BS.Player FREE
Camtasia Studio 6
CCleaner
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
DAEMON Tools Lite
DirectX10 RC2 Pre Fix 3
Easy GIF Animator 5.02
Flash Saver
GIF Movie Gear 4.1.2
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Connections Drivers
Internet Download Manager
Java(TM) 6 Update 25
Language Packs
Language Packs
Messenger Plus! 5
Metin2
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ARA
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ARA
Microsoft .NET Framework 3.5 Language Pack SP1 - ara
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile ARA Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended ARA Language Pack
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual J# 2.0 Redistributable Package
Mozilla Firefox 4.0.1 (x86 ar)
MSVCRT
MSXML 6.0 SDK
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Windows Internet Explorer 8 (KB2497640)
Segoe UI
Seven Remix XP 2.41
TNod User & Password Finder
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR 4.00 (32-بت)
XML Paper Specification Shared Components Language Pack 1.0
أداة التحميل Windows Live Upload Tool
تحديث أمان لـ Windows Internet Explorer 8 (KB2482017)‎
تحديث أمان لـ Windows Internet Explorer 8 (KB971961)‎
تحديث أمان لـ Windows Internet Explorer 8 (KB981332)‎
تحديث أمان لـ Windows Internet Explorer 8 (KB982381)‎
تحديث برنامج هوت سبوت 1.00
تحديث لـ Windows Internet Explorer 8 (KB2447568)‎
تحديث لـ Windows Internet Explorer 8 (KB976662)‎
حزمة اللغة العربية الموسعة لـ Microsoft .NET Framework 4
حزمة اللغة العربية لـ Microsoft .NET Framework 4
حزمة اللغة لـ Microsoft .NET Framework 3.5 SP1 - ARA
مساعد تسجيل الدخول إلى Windows Live
مشغل الفلاش العربي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

واي شي ثاني انا جاهز


​

 

[البارون]

طبق هذي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

 

[ديدودا]

تحت الفحص

له 27 دقيقة وجد 11 فيروسات

مع العل لدي نود سكيرتي 5

وشكرا انتظرني

 

[البارون]

اخوي عندك حقن بالاكسبلورر

والنود نايم في العسل​

 

[ديدودا]

اها :?::f:

طيب المالوير ايشيله ان شاء الله؟؟

 

[البارون]

خله يخلص وهات التقرير وان شاء الله خير

 

[ديدودا]

اوكي انتضر كمان نص ساعة او ساعة بالكثير <<الجهاز امكانياته متوسطة

سو مشوار وبعدين تعال برب

 

[ديدودا]

باك تفضل

************' Anti-Malware 1.50.1.1100

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Database version: 6686

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29/05/2011 09:53:30 م
mbam-log-2011-05-29 (21-53-30).txt

Scan type: Full scan (C:\|D:\|F:\|H:\|)
Objects scanned: 217852
Time elapsed: 54 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{5L3W34BX-5080-P1A7-4RD1-3B6WFA30E21T} (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5L3W34BX-5080-P1A7-4RD1-3B6WFA30E21T} (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{5L3W34BX-5080-P1A7-4RD1-3B6WFA30E21T} (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.HMCPol.Gen) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.HMCPol.Gen) -> Value: Policies -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\administrator\local settings\application data\thinstall\Cache\Stubs\205dd0f5a02135073b875eb15998d8a7339718\superhideip.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\application data\thinstall\Cache\Stubs\4b582f346a71ffdbc3f331fd9d634962ed5e7b6\Updater.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\application data\thinstall\Cache\Stubs\4e9ba13a4485b08b4ad19235cfbb4cec14ec680\taskscheduler.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\application data\thinstall\Cache\Stubs\673d3ded822658576feb5d7058e09c44cf48e2f8\precache.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\application data\thinstall\Cache\Stubs\903ce129565383762917a889caaa513f7e335a0\plugin-container.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\system volume information\_restore{587d8c0b-ee77-48ad-a60e-97a990ae2b9f}\RP135\A0049624.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{587d8c0b-ee77-48ad-a60e-97a990ae2b9f}\RP135\A0049663.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{587d8c0b-ee77-48ad-a60e-97a990ae2b9f}\RP135\A0050376.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{587d8c0b-ee77-48ad-a60e-97a990ae2b9f}\RP135\A0050388.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\WINDOWS\ie8\iexplore.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\WINDOWS\mui\FALLBACK\0401\calc.exe.mui (Trojan.FakeAlert) -> Quarantined and deleted successfully.
d:\system volume information\_restore{587d8c0b-ee77-48ad-a60e-97a990ae2b9f}\RP127\A0042545.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
f:\system volume information\_restore{587d8c0b-ee77-48ad-a60e-97a990ae2b9f}\RP131\A0044964.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
f:\برامج\photoshop8me\فتوشوب 9 انجليزي\كيجين\photoshop cs2 me\keygen1.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
f:\برامج\photoshop8me\فتوشوب 9 انجليزي\a_p_cs2_me\keygen1.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\update\explorer.exe (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.
c:\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

 

[format]

بعد الاذن من اخوي البارون
ياريت تقرير هايجك جديد يااخوي
​

 

[ديدودا]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:08:41 م, on 29/05/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [************' Anti-Malware (reboot)] "C:\Documents and Settings\Administrator\Local Settings\Temp\zxq1\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TransBar] C:\Documents and Settings\Administrator\My Documents\transpar\TransBar.exe /s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Show all images in original quality - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX2\originalAll.htm
O8 - Extra context menu item: Show image in original quality - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX2\original.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O17 - HKLM\System\CCS\Services\Tcpip\..\{3EAA4078-4B22-43E6-8851-512B9479FB53}: NameServer = 80.118.196.36,156.154.70.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA207EB8-3BD1-435F-B6F0-1C0BCE8C655A}: NameServer = 80.118.196.36,156.154.70.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF38C250-928B-4404-A839-7C7AA94DA6E2}: NameServer = 129.250.35.251,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{3EAA4078-4B22-43E6-8851-512B9479FB53}: NameServer = 80.118.196.36,156.154.70.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: البرنامج الخفي لذاكرة التخزين المؤقت لفئات المكونات - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ESET SHA Service (ESHASRV) - ESET - C:\Program Files\ESET\ESET Smart Security\EShaSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 7843 bytes

 

[ديدودا]

سوف اعيد تشغيل الجهاز لارى كيف اصبح

.....

 

[format]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O8 - Extra context menu item: Show all images in original quality - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX2\origina lAll.htm

O8 - Extra context menu item: Show image in original quality - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX2\origina l.htm

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

+

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

 

[ديدودا]

SmitFraudFix v2.424

Scan done at 22:29:42.59, Sun 05/29/2011
Run from C:\Documents and Settings\Administrator\Application Data\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 tonec.com
127.0.0.1

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

127.0.0.1 registeridm.com
127.0.0.1

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

127.0.0.1 secure.registeridm.com
127.0.0.1 internetdownloadmanager.com
127.0.0.1

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

127.0.0.1 secure.internetdownloadmanager.com
127.0.0.1 mirror.internetdownloadmanager.com
127.0.0.1 mirror2.internetdownloadmanager.com
...

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\config.ini Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: أجهزة Bluetooth (شبكة الاتصال الشخصية)
DNS Server Search Order: 80.118.196.36
DNS Server Search Order: 156.154.70.1

Description: Intel(R) PRO/1000 MT Network Connection - منفذ مصغر لجدولة الحزم
DNS Server Search Order: 80.118.196.36
DNS Server Search Order: 156.154.70.1

Description: Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter - منفذ مصغر لجدولة الحزم
DNS Server Search Order: 129.250.35.251
DNS Server Search Order: 208.67.222.222

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3EAA4078-4B22-43E6-8851-512B9479FB53}: NameServer=80.118.196.36,156.154.70.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{AA207EB8-3BD1-435F-B6F0-1C0BCE8C655A}: NameServer=80.118.196.36,156.154.70.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CF38C250-928B-4404-A839-7C7AA94DA6E2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CF38C250-928B-4404-A839-7C7AA94DA6E2}: NameServer=129.250.35.251,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3EAA4078-4B22-43E6-8851-512B9479FB53}: NameServer=80.118.196.36,156.154.70.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{AA207EB8-3BD1-435F-B6F0-1C0BCE8C655A}: NameServer=80.118.196.36,156.154.70.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CF38C250-928B-4404-A839-7C7AA94DA6E2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CF38C250-928B-4404-A839-7C7AA94DA6E2}: NameServer=129.250.35.251,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3EAA4078-4B22-43E6-8851-512B9479FB53}: NameServer=80.118.196.36,156.154.70.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{AA207EB8-3BD1-435F-B6F0-1C0BCE8C655A}: NameServer=80.118.196.36,156.154.70.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{CF38C250-928B-4404-A839-7C7AA94DA6E2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{CF38C250-928B-4404-A839-7C7AA94DA6E2}: NameServer=129.250.35.251,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK.2



»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End






هاي جيك جديد


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:34:33, on 29/05/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TransBar] C:\Documents and Settings\Administrator\My Documents\transpar\TransBar.exe /s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O17 - HKLM\System\CCS\Services\Tcpip\..\{3EAA4078-4B22-43E6-8851-512B9479FB53}: NameServer = 80.118.196.36,156.154.70.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA207EB8-3BD1-435F-B6F0-1C0BCE8C655A}: NameServer = 80.118.196.36,156.154.70.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF38C250-928B-4404-A839-7C7AA94DA6E2}: NameServer = 129.250.35.251,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{3EAA4078-4B22-43E6-8851-512B9479FB53}: NameServer = 80.118.196.36,156.154.70.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: البرنامج الخفي لذاكرة التخزين المؤقت لفئات المكونات - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ESET SHA Service (ESHASRV) - ESET - C:\Program Files\ESET\ESET Smart Security\EShaSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 6699 bytes

 

[ديدودا]

وانا اعد تشغيل الجهاز قبل ما اسوي الي طلبته وما كان في شي الحمد لله بس لتاكد

هل يوجد شي اخر

 

[format]

لع سلامات ياابو الحباب
باالتوفييق