Thread starter: AL-7arBi

Peace be upon you, and the mercy and blessings of God.

Look guys, my machine has a virus that is driving me crazy.

And this virus does all of the following:

It creates processes endlessly in Task Manager, such as svchost, of which it makes more than 10 .. and services.exe

And strange processes such as cmd.exe, hkcmd.exe, reader_s.exe

And most importantly, this virus removed System Restore.

It slows down my internet.

And this is the HijackThis report .. please guys, help me .. for your information, I ran HijackThis while in safe mode.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:58:42 م , on 22/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AirLive WL-5480USB WLAN USB\AirLive WL-5480USB WLAN USB\WlanUtil.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2scan.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
[Hidden link: log in or register to view]

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system32\gcc.exe,C:\WINDOWS\system32\vmware-ufad.exe,C:\WINDOWS\system32\codeblocks.exe,
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Administrator\reader_s.exe
O4 - HKCU\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe
O4 - HKUS\S-1-5-18\..\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Administrator\reader_s.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [services] C:\WINDOWS\services.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'Default user')
O4 - Global Startup: AirLive WL-5480USB WLAN USB Utility.lnk = C:\Program Files\AirLive WL-5480USB WLAN USB\AirLive WL-5480USB WLAN USB\WlanUtil.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - D:\RealMapleStory\npkcmsvc.exe

--
End of file - 4613 bytes



 


Welcome, brother.
Apologies, this thread is being moved to the appropriate section for follow-up.
This section is dedicated to analyzing reports from protection programs; other reports are only on request.

[Hidden link: log in or register to view]

[Hidden link: log in or register to view]

Signature: Demo-dash
Peace be upon you.

Remove the following entries:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe

O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe

O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Administrator\reader_s.exe

O4 - HKCU\..\Run: [services] C:\WINDOWS\services.exe

O4 - HKLM\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe

O4 - HKCU\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe

O4 - HKUS\S-1-5-18\..\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [services] C:\WINDOWS\services.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'Default user')
 
Signature: PrinceOfPersia
Hello and welcome, my friend.
Download this tool:

[Hidden link: log in or register to view]

When you run it, a message will appear; click >> Yes
After that, a second message will appear; click >> Yes
During the scan, the machine may restart.
After the restart, the tool will start scanning a second time.
Wait until a report appears, which means the scan has finished. Paste the report in your first reply.

Then produce another HijackThis log.


 
Signature: Run
Here you go, brother, this is the report .. Brother Prince, I did as you told me, but it didn't go away.

ComboFix 09-03-19.02 - Administrator 03/23/2009 14:24:39.1 - NTFSx86 DSREPAIR
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.510.175 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: a-squared Anti-Malware *On-access scanning disabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\services.exe
c:\windows\system32\_000111_.tmp.dll
c:\windows\system32\3.tmp
c:\windows\system32\4.tmp
c:\windows\system32\8.tmp
c:\windows\system32\9.tmp
c:\windows\system32\A.tmp
c:\windows\system32\afisicx.exe
c:\windows\system32\codeblocks.exe
c:\windows\system32\drivers\ntndis.sys
c:\windows\system32\drivers\protect.sys
c:\windows\system32\ndetect.exe
c:\windows\system32\reader_s.exe
c:\windows\system32\tpszxyd.sys
E:\install.exe
H:\28.bat
H:\iqosrtk.bat
H:\qquq.bat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PROTECT
-------\Service_protect


((((((((((((((((((((((((( Files Created from 2009-02-23 to 2009-03-23 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 21:47 --------- d-----w c:\program files\a-squared Anti-Malware
2009-03-22 15:22 71,680 ----a-w c:\windows\system32\2A.tmp
2009-03-22 15:22 57,856 ----a-w c:\windows\system32\vmware-ufad.exe
2009-03-22 15:22 29,696 ----a-w c:\windows\system32\29.tmp
2009-03-22 14:53 71,680 ----a-w c:\windows\system32\25.tmp
2009-03-22 14:53 57,856 ----a-w c:\windows\system32\gcc.exe
2009-03-22 14:53 31,744 ----a-w c:\windows\system32\24.tmp
2009-03-22 12:28 71,680 ----a-w c:\windows\system32\11.tmp
2009-03-22 12:28 29,696 ----a-w c:\windows\system32\10.tmp
2009-03-22 12:28 188,928 ----a-w c:\windows\system32\i386kd.exe
2009-03-22 12:07 71,680 ----a-w c:\windows\system32\3B.tmp
2009-03-22 12:07 57,856 ----a-w c:\windows\system32\makehm.exe
2009-03-22 12:07 182,912 ----a-w c:\windows\system32\drivers\ndis.sys
2009-03-22 12:06 29,696 ----a-w c:\windows\system32\3A.tmp
2009-03-22 11:45 3,854 ----a-w c:\windows\system32\1E.tmp
2009-03-21 14:57 --------- d-----w c:\documents and settings\Administrator\Application Data\Ahead
2009-03-21 14:45 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-03-21 14:44 --------- d-----w c:\program files\Nero
2009-03-21 14:44 --------- d-----w c:\program files\Common Files\Ahead
2009-03-21 14:10 359,040 ----a-w c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-03-21 14:10 359,040 ----a-w c:\windows\system32\drivers\TCPIP.SYS
2009-03-21 14:08 --------- d-----w c:\program files\uTorrent
2009-03-21 10:26 --------- d-----w c:\program files\Total Video Converter
2009-03-21 10:16 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-21 10:16 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-21 10:16 --------- d-----w c:\program files\Real
2009-03-21 10:16 --------- d-----w c:\program files\Common Files\xing shared
2009-03-21 10:16 --------- d-----w c:\program files\Common Files\Real
2009-03-21 05:56 --------- d-----w c:\program files\SecondLife
2009-03-21 05:55 --------- d-----w c:\documents and settings\Administrator\Application Data\SecondLife
2009-03-21 04:13 --------- d-----w c:\program files\Common Files\INCA Shared
2009-03-20 21:44 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-20 19:51 --------- d-----w c:\program files\Messenger Plus! Live
2009-03-20 19:48 --------- d-----w c:\program files\Windows Live
2009-03-20 19:16 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-20 18:53 --------- d-----w c:\documents and settings\Administrator\Application Data\Nexon
2009-03-20 18:46 --------- d-----w c:\program files\Windows Installer Clean Up
2009-03-20 18:46 --------- d-----w c:\program files\MSECACHE
2009-03-20 18:45 --------- d-----w c:\program files\Circe Developement
2009-03-20 18:39 --------- d-----w c:\program files\BreakPoint Software
2009-03-20 18:34 --------- d-----w c:\program files\Common Files\Adobe
2009-03-20 18:34 --------- d-----w c:\program files\Bonjour
2009-03-20 18:19 --------- d-----w c:\program files\The KMPlayer
2009-03-20 18:19 --------- d-----w c:\program files\Notepad++
2009-03-20 18:19 --------- d-----w c:\documents and settings\Administrator\Application Data\Notepad++
2009-03-20 18:18 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-03-20 18:07 --------- d-----w c:\program files\AMX Mod X
2009-03-20 18:06 --------- d-----w c:\documents and settings\Administrator\Application Data\BSplayer PRO
2009-03-20 18:04 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-20 18:04 --------- d-----w c:\program files\Java
2009-03-20 17:39 --------- d-----w c:\program files\Sun
2009-03-20 17:37 --------- d-----w c:\program files\Webteh
2009-03-20 17:31 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-20 17:31 --------- d-----w c:\program files\AirLive WL-5480USB WLAN USB
2009-03-20 17:28 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-20 16:29 --------- d-----w c:\program files\microsoft frontpage
2009-02-06 15:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
.

------- Sigcheck -------

03/21/2009 05:10 PM 359040 c81d6a930a7805f6daa0c7902b99037e c:\windows\system32\dllcache\TCPIP.SYS
03/21/2009 05:10 PM 359040 c81d6a930a7805f6daa0c7902b99037e c:\windows\system32\drivers\TCPIP.SYS

03/22/2009 03:07 PM 213376 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\dllcache\ndis.sys
03/22/2009 03:07 PM 213376 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers\ndis.sys

08/04/2004 12:56 AM 1042944 20a2a37f355f9f70335dc8a055be41e2 c:\windows\explorer.exe
08/04/2004 12:56 AM 1042944 f5fdce794f3506d3e45ef54f5d0a1995 c:\windows\system32\dllcache\explorer.exe

08/04/2004 12:56 AM 26112 ac90d945a29678f489a653a9f72c8e5e c:\windows\system32\ctfmon.exe
08/04/2004 12:56 AM 26112 5109b66e12688752d0a155f6264d2e0d c:\windows\system32\dllcache\ctfmon.exe

08/04/2004 12:56 AM 134144 84aea1a1515550903d48a23e3c7e59f0 c:\windows\system32\spoolsv.exe
08/04/2004 12:56 AM 101376 5c1669440c0d5baa637c687d7cb2515d c:\windows\system32\dllcache\spoolsv.exe

08/04/2004 12:56 AM 220160 a39068db54701ea5550733b57cec46b0 c:\windows\system32\wuauclt.exe
08/04/2004 12:56 AM 154624 55589405701c24ad800136c61719c398 c:\windows\system32\dllcache\wuauclt.exe

08/04/2004 12:56 AM 35328 7bfe38275ccb291196b3669a30331c75 c:\windows\system32\userinit.exe
08/04/2004 12:56 AM 35328 1c935939d584ffe2fb6394aa764ab050 c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [08/16/2007 04:19 PM 5728112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [08/04/2004 12:56 AM 26112]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [08/04/2004 01:06 AM 1711104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [12/11/2007 06:59 PM 167936]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [12/11/2007 06:58 PM 151552]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [03/20/2009 09:04 PM 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [03/21/2009 01:16 PM 198160]
"a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [03/22/2009 07:53 PM 2805904]
"AGRSMMSG"="AGRSMMSG.exe" [06/30/2005 06:27 AM 88204 c:\windows\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [06/30/2005 06:26 AM 589824 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [08/16/2007 04:19 PM 5728112]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AirLive WL-5480USB WLAN USB Utility.lnk - c:\program files\AirLive WL-5480USB WLAN USB\AirLive WL-5480USB WLAN USB\WlanUtil.exe [2009-03-20 491520]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Valve\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R3 ZD1211BU(AirLive);AirLive WL-5480USB WLAN USB Driver(AirLive);c:\windows\system32\drivers\ZD1211BU.sys [2009-03-20 402432]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16850bae-15dc-11de-95b8-004f66004a55}]
\Shell\AutoRun\command - I:\w98.com
\Shell\open\Command - I:\w98.com
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-reader_s - c:\documents and settings\Administrator\reader_s.exe


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext =
[Hidden link: log in or register to view]

uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8h7xtzep.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[Hidden link: log in or register to view]

Rootkit scan 2009-03-23 14:33:42
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\a-squared Anti-Malware\a2service.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
d:\realmaplestory\npkcmsvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 03/23/2009 14:36:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-23 11:36:38

Pre-Run: 17,913,929,728 bytes free
Post-Run: 17,913,724,928 bytes free

188

 
Where are you, guys??

Go back and make a new HijackThis report ..

Signature: Corporation
-: Here you go, brother :-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:08 ص , on 24/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\RealMapleStory\npkcmsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AirLive WL-5480USB WLAN USB\AirLive WL-5480USB WLAN USB\WlanUtil.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Total Video Converter\tvc.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[Hidden link: log in or register to view]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[Hidden link: log in or register to view]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[Hidden link: log in or register to view]

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
[Hidden link: log in or register to view]

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: AirLive WL-5480USB WLAN USB Utility.lnk = C:\Program Files\AirLive WL-5480USB WLAN USB\AirLive WL-5480USB WLAN USB\WlanUtil.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - D:\RealMapleStory\npkcmsvc.exe

--
End of file - 4297 bytes

 
Delete the following ,,

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
[Hidden link: log in or register to view]


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local


Removal method for XP

[Image: mg (3).png]

[Image: mg (4).png]

Download from here:

[Hidden link: log in or register to view]

Compatibility: Windows XP only

Usage instructions ,,,,,,

When you run the tool's file, this screen appears; wait (and follow along with the images)

[Image: 000.png]

[Image: 001.png]

When this screen appears, click Close so that your machine restarts ((to complete the cleaning process))

[Image: 002.png]

And with that, your machine is 100%

Signature: Corporation