ملتقى مدينة العيون (Al-Oyun City Forum)

Is your device infected with a virus or malware? (video) + tools for cleaning the device of viruses (http://www.aloyun.com/vb/showthread.php?t=38492)

بكيفي 06-01-2010 07:30 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:29:31 ص, on 01/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\XP\My Documents\التّنزيلات\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.93.193.87:8080
R3 - URLSearchHook: Messenger Plus Live Saudi Arabia Toolbar - {9d657fd4-0328-423a-b12d-9576cd92af19} - C:\Program Files\Messenger_Plus_Live_Saudi_Arabia\tbMess.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Messenger Plus Live Saudi Arabia Toolbar - {9d657fd4-0328-423a-b12d-9576cd92af19} - C:\Program Files\Messenger_Plus_Live_Saudi_Arabia\tbMess.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Messenger Plus Live Saudi Arabia Toolbar - {9d657fd4-0328-423a-b12d-9576cd92af19} - C:\Program Files\Messenger_Plus_Live_Saudi_Arabia\tbMess.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 8161 bytes

رٍسِـــلآنٍ 06-02-2010 12:25 AM

Quote:

Originally posted by بكيفي (post 516948)
What does the value mean?

And how do I do the repair?

Look at the explanation in the thread, on the first page.

عاشق العنابي 06-03-2010 06:16 PM

Quote:

Originally posted by عاشق العنابي (post 513041)
Brother, I got a program called my security engine; they say it is a virus. It has wrecked Internet Explorer for me.

And here, see what is broken:
logfile of trend micro hijackthis v2.0.2
scan saved at 12:53:24 م, on 31/03/2010
platform: Windows xp sp3 (winnt 5.01.2600)
msie: Internet explorer v8.00 (8.00.6001.18702)
boot mode: Normal

running processes:
C:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\spoolsv.exe
c:\windows\explorer.exe
c:\windows\system32\rundll32.exe
c:\program files\athan\athan.exe
c:\program files\java\jre6\bin\jusched.exe
c:\program files\common files\real\update_ob\realsched.exe
c:\program files\microsoft office\office12\groovemonitor.exe
c:\windows\system32\rundll32.exe
c:\program files\iminent\imbooster\imbooster.exe
c:\program files\iminent\searchtheweb\iminent.notifier.exe
c:\program files\common files\ahead\lib\nmbgmonitor.exe
c:\program files\messenger\msmsgs.exe
c:\progra~1\window~4\messen~1\msnmsgr.exe
c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
c:\windows\system32\ctfmon.exe
c:\program files\winzip\wzqkpick.exe
c:\program files\microsoft office\office12\onenotem.exe
c:\progra~1\yahoo!\messen~1\ymsgr_tray.exe
c:\program files\bonjour\mdnsresponder.exe
c:\program files\java\jre6\bin\jqs.exe
c:\program files\tuneup utilities 2010\tuneuputilitiesservice32.exe
c:\program files\common files\ahead\lib\nmindexingservice.exe
c:\program files\tuneup utilities 2010\tuneuputilitiesapp32.exe
c:\program files\common files\ahead\lib\nmindexstoresvr.exe
c:\program files\opera\opera.exe
c:\documents and settings\all users\application data\c53716c\msc537.exe
c:\documents and settings\one\سطح المكتب\hijackthis.exe

r1 - hklm\software\microsoft\internet explorer\main,default_page_url = http://go.microsoft.com/fwlink/?linkid=69157
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = http://go.microsoft.com/fwlink/?linkid=54896
r1 - hklm\software\microsoft\internet explorer\main,search page = http://go.microsoft.com/fwlink/?linkid=54896
r0 - hklm\software\microsoft\internet explorer\main,start page = http://go.microsoft.com/fwlink/?linkid=69157
r1 - hkcu\software\microsoft\internet connection wizard,shellnext = http://go.divx.com/postinstall/win/en
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = *.local
r3 - urlsearchhook: Urlsearchhook class - {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\genericasktoolbar.dll
r3 - urlsearchhook: Imbooster4web-en toolbar - {346de098-61f9-4b42-89da-6dfba7091bb6} - c:\program files\imbooster4web-en\tbimbo.dll
r3 - urlsearchhook: 4shared.com toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - c:\program files\4shared.com\tb4sha.dll
o1 - hosts: 74.125.45.100 4-open-davinci.com
o1 - hosts: 74.125.45.100 securitysoftwarepayments.com
o1 - hosts: 74.125.45.100 privatesecuredpayments.com
o1 - hosts: 74.125.45.100 secure.privatesecuredpayments.com
o1 - hosts: 74.125.45.100 getantivirusplusnow.com
o1 - hosts: 74.125.45.100 secure-plus-payments.com
o1 - hosts: 74.125.45.100 www.getantivirusplusnow.com
o1 - hosts: 74.125.45.100 www.secure-plus-payments.com
o1 - hosts: 74.125.45.100 www.getavplusnow.com
o1 - hosts: 74.125.45.100 safebrowsing-cache.google.com
o1 - hosts: 74.125.45.100 urs.microsoft.com
o1 - hosts: 74.125.45.100 www.securesoftwarebill.com
o1 - hosts: 74.125.45.100 secure.paysecuresystem.com
o1 - hosts: 74.125.45.100 paysoftbillsolution.com
o1 - hosts: 74.125.45.100 protected.maxisoftwaremart.com
o1 - hosts: 209.212.147.138 www.google.com
o1 - hosts: 209.212.147.138 google.com
o1 - hosts: 209.212.147.138 google.com.au
o1 - hosts: 209.212.147.138 www.google.com.au
o1 - hosts: 209.212.147.138 google.be
o1 - hosts: 209.212.147.138 www.google.be
o1 - hosts: 209.212.147.138 google.com.br
o1 - hosts: 209.212.147.138 www.google.com.br
o1 - hosts: 209.212.147.138 google.ca
o1 - hosts: 209.212.147.138 www.google.ca
o1 - hosts: 209.212.147.138 google.ch
o1 - hosts: 209.212.147.138 www.google.ch
o1 - hosts: 209.212.147.138 google.de
o1 - hosts: 209.212.147.138 www.google.de
o1 - hosts: 209.212.147.138 google.dk
o1 - hosts: 209.212.147.138 www.google.dk
o1 - hosts: 209.212.147.138 google.fr
o1 - hosts: 209.212.147.138 www.google.fr
o1 - hosts: 209.212.147.138 google.ie
o1 - hosts: 209.212.147.138 www.google.ie
o1 - hosts: 209.212.147.138 google.it
o1 - hosts: 209.212.147.138 www.google.it
o1 - hosts: 209.212.147.138 google.co.jp
o1 - hosts: 209.212.147.138 www.google.co.jp
o1 - hosts: 209.212.147.138 google.nl
o1 - hosts: 209.212.147.138 www.google.nl
o1 - hosts: 209.212.147.138 google.no
o1 - hosts: 209.212.147.138 www.google.no
o1 - hosts: 209.212.147.138 google.co.nz
o1 - hosts: 209.212.147.138 www.google.co.nz
o1 - hosts: 209.212.147.138 google.pl
o1 - hosts: 209.212.147.138 www.google.pl
o1 - hosts: 209.212.147.138 google.se
o1 - hosts: 209.212.147.138 www.google.se
o1 - hosts: 209.212.147.138 google.co.uk
o1 - hosts: 209.212.147.138 www.google.co.uk
o1 - hosts: 209.212.147.138 google.co.za
o1 - hosts: 209.212.147.138 www.google.co.za
o1 - hosts: 209.212.147.138 www.google-analytics.com
o1 - hosts: 209.212.147.138 www.bing.com
o1 - hosts: 209.212.147.138 search.yahoo.com
o1 - hosts: 209.212.147.138 www.search.yahoo.com
o1 - hosts: 209.212.147.138 uk.search.yahoo.com
o1 - hosts: 209.212.147.138 ca.search.yahoo.com
o1 - hosts: 209.212.147.138 de.search.yahoo.com
o1 - hosts: 209.212.147.138 fr.search.yahoo.com
o1 - hosts: 209.212.147.138 au.search.yahoo.com
o2 - bho: 4shared.com toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - c:\program files\4shared.com\tb4sha.dll
o2 - bho: Acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: Skype add-on (mastermind) - {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
o2 - bho: Realplayer download and record plugin for internet explorer - {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
o2 - bho: Imbooster4web-en toolbar - {346de098-61f9-4b42-89da-6dfba7091bb6} - c:\program files\imbooster4web-en\tbimbo.dll
o2 - bho: Groove gfs browser helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\grooveshellextensions.dll
o2 - bho: Chelperbho - {84ff7bd6-b47f-46f8-9130-01b2696b36cb} - c:\program files\iminent\searchtheweb\iminent.bho.navigationerror.dll
o2 - bho: مساعد تسجيل الدخول إلى windows live - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: Iminent webbooster - {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - c:\program files\iminent\imbooster4web\iminent.webbooster.dll
o2 - bho: Iminent.linktocontent - {a6e9baaf-53cd-4575-967b-2af710a7d21f} - c:\program files\iminent\imbooster\iminent.linktocontent.dll
o2 - bho: Google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\googletoolbar_32.dll
o2 - bho: Google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
o2 - bho: Ask toolbar bho - {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\genericasktoolbar.dll
o2 - bho: Java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: Jqsiestartdetectorimpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
o3 - toolbar: Google toolbar - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar_32.dll
o3 - toolbar: Imbooster4web-en toolbar - {346de098-61f9-4b42-89da-6dfba7091bb6} - c:\program files\imbooster4web-en\tbimbo.dll
o3 - toolbar: Ask toolbar - {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\genericasktoolbar.dll
o3 - toolbar: 4shared.com toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - c:\program files\4shared.com\tb4sha.dll
o4 - hklm\..\run: [nvmediacenter] rundll32.exe c:\windows\system32\nvmctray.dll,nvtaskbarinit
o4 - hklm\..\run: [athan] c:\program files\athan\athan.exe
o4 - hklm\..\run: [sunjavaupdatesched] "c:\program files\java\jre6\bin\jusched.exe"
o4 - hklm\..\run: [tkbellexe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
o4 - hklm\..\run: [nvcpldaemon] rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
o4 - hklm\..\run: [groovemonitor] "c:\program files\microsoft office\office12\groovemonitor.exe"
o4 - hklm\..\run: [bluetoothauthenticationagent] rundll32.exe bthprops.cpl,,bluetoothauthenticationagent
o4 - hklm\..\run: [4shared update] "c:\documents and settings\one\سطح المكتب\4shared desktop\checkupdate.exe"
o4 - hklm\..\run: [imbooster] c:\program files\iminent\imbooster\imbooster.exe /warmup
o4 - hklm\..\run: [iminent.notifier] c:\program files\iminent\searchtheweb\iminent.notifier.exe
o4 - hkcu\..\run: [flashget 3] "c:\program files\flashget network\flashget 3\flashget3.exe" -minimize
o4 - hkcu\..\run: [bgmonitor_{79662e04-7c6c-4d9f-84c7-88d8a56b10aa}] "c:\program files\common files\ahead\lib\nmbgmonitor.exe"
o4 - hkcu\..\run: [msmsgs] "c:\program files\messenger\msmsgs.exe" /background
o4 - hkcu\..\run: [msnmsgr] "c:\progra~1\window~4\messen~1\msnmsgr.exe" /background
o4 - hkcu\..\run: [yahoo! Pager] "c:\progra~1\yahoo!\messen~1\yahoom~1.exe" -quiet
o4 - hkcu\..\run: [swg] "c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
o4 - hkcu\..\run: [bitcomet] "c:\program files\bitcomet\bitcomet.exe" /tray
o4 - hkcu\..\run: [4shared desktop] "c:\documents and settings\one\سطح المكتب\4shared desktop\desktop.exe" "startup"
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [my security engine] "c:\documents and settings\all users\application data\c53716c\msc537.exe" /s /d
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'local service')
o4 - hkus\s-1-5-19\..\runonce: [_nltide_3] rundll32 advpack.dll,launchinfsectionex nlite.inf,c,,4,n (user 'local service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'network service')
o4 - hkus\s-1-5-20\..\runonce: [_nltide_3] rundll32 advpack.dll,launchinfsectionex nlite.inf,c,,4,n (user 'network service')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\s-1-5-18\..\runonce: [_nltide_3] rundll32 advpack.dll,launchinfsectionex nlite.inf,c,,4,n (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o4 - hkus\.default\..\runonce: [_nltide_3] rundll32 advpack.dll,launchinfsectionex nlite.inf,c,,4,n (user 'default user')
o4 - startup: Onenote 2007 screen clipper and launcher.lnk = c:\program files\microsoft office\office12\onenotem.exe
o4 - global startup: Winzip quick pick.lnk = c:\program files\winzip\wzqkpick.exe
o8 - extra context menu item: &download all using 4shared desktop - c:\documents and settings\one\سطح المكتب\4shared desktop\down_all.htm
o8 - extra context menu item: &download using 4shared desktop - c:\documents and settings\one\سطح المكتب\4shared desktop\down_link.htm
o8 - extra context menu item: Google sidewiki... - res://c:\program files\google\google toolbar\component\googletoolbardynamic_mui_en_60d6097707281e79.dll/cmsidewiki.html
o8 - extra context menu item: Save flash with flash catcher - res://c:\program files\common files\justdo\iecatcher.dll/flashcatcher.htm
o8 - extra context menu item: ت&صدير إلى microsoft excel - res://c:\progra~1\micros~2\office12\excel.exe/3000
o9 - extra button: إرسال إلى onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra 'tools' menuitem: إر&سال إلى onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra button: Paltalk - {4eafef58-eefa-4116-983d-03b49bcbfffe} - c:\program files\paltalk messenger\paltalk.exe
o9 - extra button: Skype - {77bf5300-1474-4ec7-9980-d32b190e9b07} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
o9 - extra button: Flash catcher - {90bae0ef-f4bf-4fac-b2ec-2c725c34af12} - c:\program files\common files\justdo\iecatcher.dll
o9 - extra 'tools' menuitem: Flash catcher - {90bae0ef-f4bf-4fac-b2ec-2c725c34af12} - c:\program files\common files\justdo\iecatcher.dll
o9 - extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office12\refiebar.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: Windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o18 - protocol: Groovelocalgws - {88fed34c-f0ca-4636-a375-3cb6248b04cd} - c:\program files\microsoft office\office12\groovesystemservices.dll
o23 - service: ##id_string1.6844f930_1628_4223_b5cc_5bb94b879762## (bonjour service) - apple computer, inc. - c:\program files\bonjour\mdnsresponder.exe
o23 - service: Flexnet licensing service - macrovision europe ltd. - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
o23 - service: Google update service (gupdate) (gupdate) - google inc. - c:\program files\google\update\googleupdate.exe
o23 - service: Google software updater (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: Java quick starter (javaquickstarterservice) - sun microsystems, inc. - c:\program files\java\jre6\bin\jqs.exe
o23 - service: Nbservice - nero ag - c:\program files\nero\nero 7\nero backitup\nbservice.exe
o23 - service: Nmindexingservice - nero ag - c:\program files\common files\ahead\lib\nmindexingservice.exe
o23 - service: Nvidia display driver service (nvsvc) - nvidia corporation - c:\windows\system32\nvsvc32.exe
o23 - service: Tuneup drive defrag service (tuneup.defrag) - tuneup software - c:\program files\tuneup utilities 2010\tuneupdefragservice.exe
o23 - service: Tuneup utilities service (tuneup.utilitiessvc) - tuneup software - c:\program files\tuneup utilities 2010\tuneuputilitiesservice32.exe

--
end of file - 14724 bytes

OK, but I haven't seen a solution for my case.

جروح 06-18-2010 10:18 PM

May God grant you health, رسلان, for the explanation.

...

