Status
Closed and not open for further replies.

خال ولد خال

HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:58:06 م, on 25/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
D:\WINDOWS\RTHDCPL.EXE
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\PROGRA~1\AVG\AVG8\avgnsx.exe
D:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
D:\Program Files\AVG\AVG8\avgcsrvx.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\USER\Desktop\HiJackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Reader 8.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMSERIAL] D:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) -
You must log in or register to view the hidden link

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - D:\WINDOWS\svchost.exe (file missing)
--
End of file - 5521 bytes
 

Welcome.

Delete the following entries:

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll



O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll




O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll



O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) -
You must log in or register to view the hidden link




O23 - Service: Power Manager (PowerManager) - Unknown owner - D:\WINDOWS\svchost.exe (file missing)





How to delete them:

[screenshot: mg (3).png]

[screenshot: mg (4).png]




After that, go to Add or Remove Programs and remove the toolbar you have installed >> it may not be there.

Then download this tool and follow the instructions below:

You must log in or register to view the hidden link

or

You must log in or register to view the hidden link

Compatibility: Windows XP only

How to use it:
When you run the tool's file, this screen appears. Wait (and follow along with the pictures).

[screenshot: 000.png]

[screenshot: 001.png]

When this screen appears, click Close so that your computer restarts (to complete the cleaning process).

[screenshot: 002.png]





After that,

disable your security programs and run the tool:

You must log in or register to view the hidden link

When you run it, a message will appear; click >> Yes
After that, a second message will appear; click >> Yes

During the scan the computer may restart.

After the restart, the tool will start scanning again.
Wait until a report appears; that means the scan has finished.

Then give me a HijackThis report along with this tool's report.

Waiting.
 
Signature: AbOdy
ComboFix report

ComboFix 09-04-25.A1 - USER 04/25/2009 15:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.2046.1610 [GMT 3:00]
Running from: d:\documents and settings\USER\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_POWERMANAGER
-------\Service_PowerManager

((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-4-25 )))))))))))))))))))))))))))))))
.
2009-04-25 17:03 . 2009-04-25 17:03 -------- d-----w d:\documents and settings\All Users\Application Data\CyberLink
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 17:08 . 2009-04-25 17:02 -------- d-----w d:\program files\Common Files\Adobe
2009-04-25 17:07 . 2009-04-25 14:36 -------- d--h--w d:\program files\InstallShield Installation Information
2009-04-25 17:03 . 2009-04-25 17:03 -------- d-----w d:\program files\CyberLink
2009-04-25 17:03 . 2009-04-25 14:36 -------- d-----w d:\program files\Common Files\InstallShield
2009-04-25 16:59 . 2009-04-25 16:59 172 ---ha-w D:\sqmnoopt05.sqm
2009-04-25 16:59 . 2009-04-25 16:59 172 ---ha-w D:\sqmdata05.sqm
2009-04-25 16:58 . 2009-04-25 16:55 -------- d-----w d:\program files\DivX
2009-04-25 16:54 . 2009-04-25 16:54 -------- d-----w d:\documents and settings\All Users\Application Data\Apple Computer
2009-04-25 16:54 . 2009-04-25 16:53 -------- d-----w d:\program files\K-Lite Codec Pack
2009-04-25 16:54 . 2009-04-25 16:54 -------- d-----w d:\documents and settings\USER\Application Data\bsplayer
2009-04-25 16:52 . 2009-04-25 16:52 -------- d-----w d:\program files\Common Files\xing shared
2009-04-25 16:52 . 2009-04-25 16:51 -------- d-----w d:\program files\Real
2009-04-25 16:51 . 2009-04-25 16:51 -------- d-----w d:\program files\Common Files\Real
2009-04-25 16:51 . 2009-04-25 16:51 499712 ----a-w d:\windows\system32\msvcp71.dll
2009-04-25 16:51 . 2009-04-25 16:51 348160 ----a-w d:\windows\system32\msvcr71.dll
2009-04-25 16:49 . 2009-04-25 16:49 -------- d-----w d:\program files\VideoLAN
2009-04-25 16:38 . 2009-04-25 16:38 268 ---ha-w D:\sqmdata04.sqm
2009-04-25 16:38 . 2009-04-25 16:38 244 ---ha-w D:\sqmnoopt04.sqm
2009-04-25 16:12 . 2009-04-25 16:12 172 ---ha-w D:\sqmnoopt03.sqm
2009-04-25 16:12 . 2009-04-25 16:12 172 ---ha-w D:\sqmdata03.sqm
2009-04-25 16:11 . 2009-04-25 16:11 280 ---ha-w D:\sqmdata02.sqm
2009-04-25 16:11 . 2009-04-25 16:11 244 ---ha-w D:\sqmnoopt02.sqm
2009-04-25 16:10 . 2009-04-25 16:10 268 ---ha-w D:\sqmdata01.sqm
2009-04-25 16:10 . 2009-04-25 16:10 244 ---ha-w D:\sqmnoopt01.sqm
2009-04-25 16:05 . 2009-04-25 16:05 268 ---ha-w D:\sqmdata00.sqm
2009-04-25 16:05 . 2009-04-25 16:05 244 ---ha-w D:\sqmnoopt00.sqm
2009-04-25 15:54 . 2009-04-25 13:54 166455 ----a-w d:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-25 15:50 . 2009-04-25 15:50 2232 ----a-w d:\windows\java\Packages\Data\3ZDVTN3T.DAT
2009-04-25 15:50 . 2009-04-25 15:50 155995 ----a-w d:\windows\java\Packages\CS3DZJ3V.ZIP
2009-04-25 15:50 . 2009-04-25 15:50 2678 ----a-w d:\windows\java\Packages\Data\9RNLZDNF.DAT
2009-04-25 15:50 . 2009-04-25 15:50 2678 ----a-w d:\windows\java\Packages\Data\1VPBXVB3.DAT
2009-04-25 15:50 . 2009-04-25 15:50 2678 ----a-w d:\windows\java\Packages\Data\ENR17LFT.DAT
2009-04-25 15:50 . 2009-04-25 15:50 2678 ----a-w d:\windows\java\Packages\Data\7TVNJHRB.DAT
2009-04-25 15:50 . 2009-04-25 15:50 2678 ----a-w d:\windows\java\Packages\Data\031VDJ77.DAT
2009-04-25 15:40 . 2009-04-25 15:40 10520 ----a-w d:\windows\system32\avgrsstx.dll
2009-04-25 15:40 . 2009-04-25 15:40 325640 ----a-w d:\windows\system32\drivers\avgldx86.sys
2009-04-25 15:40 . 2009-04-25 15:40 108552 ----a-w d:\windows\system32\drivers\avgtdix.sys
2009-04-25 15:40 . 2009-04-25 15:40 -------- d-----w d:\program files\AVG
2009-04-25 15:40 . 2009-04-25 15:40 -------- d-----w d:\documents and settings\All Users\Application Data\avg8
2009-04-25 15:25 . 2009-04-25 15:25 -------- d-----w d:\program files\WIDCOMM
2009-04-25 15:01 . 2009-04-25 15:01 -------- d-----w d:\program files\Motorola
2009-04-25 14:36 . 2009-04-25 14:36 -------- d-----w d:\program files\Hewlett-Packard
2009-04-25 13:55 . 2009-04-25 13:55 -------- d-----w d:\program files\microsoft frontpage
2009-04-25 13:52 . 2009-04-25 13:52 21640 ----a-w d:\windows\system32\emptyregdb.dat
2009-04-25 12:12 . 2009-04-25 12:12 -------- d-----w d:\documents and settings\USER\Application Data\CyberScrub
2009-04-25 12:12 . 2009-04-25 12:12 -------- d-----w d:\documents and settings\USER\Application Data\cleaner
2009-04-25 12:09 . 2009-04-25 16:51 -------- d-----w d:\program files\Google
2009-04-24 22:51 . 2009-04-24 22:51 -------- d-----w d:\documents and settings\All Users\Application Data\Messenger Plus!
2009-04-24 22:35 . 2009-04-25 16:36 -------- d-----w d:\program files\MSN Messenger
2009-04-24 22:35 . 2009-04-24 22:35 -------- d-----w d:\program files\Windows Live
2009-04-24 22:35 . 2009-04-24 22:35 -------- d-----w d:\program files\Messenger Plus! Live
2009-04-24 22:35 . 2009-04-25 14:02 99496 ----a-w d:\documents and settings\USER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-24 21:32 . 2009-04-24 21:32 268 ---ha-w D:\sqmdata10.sqm
2009-04-24 21:32 . 2009-04-24 21:32 244 ---ha-w D:\sqmnoopt10.sqm
2009-04-24 21:29 . 2009-04-24 21:29 268 ---ha-w D:\sqmdata09.sqm
2009-04-24 21:29 . 2009-04-24 21:29 244 ---ha-w D:\sqmnoopt09.sqm
2009-04-24 21:12 . 2009-04-24 21:12 268 ---ha-w D:\sqmdata08.sqm
2009-04-24 21:12 . 2009-04-24 21:12 244 ---ha-w D:\sqmnoopt08.sqm
2009-04-24 21:09 . 2009-04-24 21:09 268 ---ha-w D:\sqmdata07.sqm
2009-04-24 21:09 . 2009-04-24 21:09 244 ---ha-w D:\sqmnoopt07.sqm
2009-04-24 18:33 . 2009-04-24 18:33 268 ---ha-w D:\sqmdata06.sqm
2009-04-24 18:33 . 2009-04-24 18:33 244 ---ha-w D:\sqmnoopt06.sqm
2009-04-24 18:27 . 2009-04-24 18:18 -------- d-----w d:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-24 18:26 . 2009-04-24 18:26 -------- d-----w d:\program files\Microsoft Works
2009-04-24 18:25 . 2009-04-24 18:25 -------- d-----w d:\program files\MSBuild
.
------- Sigcheck -------
[-] 2007-09-01 16:46 1580544 0A874046BB7B547864811CFF0DD19724 d:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="d:\program files\MSN Messenger\MsnMsgr.Exe" [2009-04-24 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2007-08-23 8478720]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2007-08-23 81920]
"SMSERIAL"="d:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-06-24 729088]
"AVG8_TRAY"="d:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-25 1932568]
"TkBellExe"="d:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-25 185896]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.EXE [2007-08-20 16384512]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
d:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - d:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-25 113664]
Bluetooth.lnk - d:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-25 15:40 10520 ----a-w d:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"d:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"d:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
S1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\System32\Drivers\avgldx86.sys [2009-04-25 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;d:\windows\System32\Drivers\avgtdix.sys [2009-04-25 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;d:\progra~1\AVG\AVG8\avgemc.exe [2009-04-25 908056]
S2 avg8wd;AVG Free8 WatchDog;d:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-25 298264]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-nwiz - nwiz.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.qa/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Send To &Bluetooth - d:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: ت&صدير إلى Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java -
You must log in or register to view the hidden link

.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
You must log in or register to view the hidden link

Rootkit scan 2009-04-25 15:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\rundll32.exe
d:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
d:\windows\system32\nvsvc32.exe
d:\program files\AVG\AVG8\avgrsx.exe
d:\progra~1\AVG\AVG8\avgnsx.exe
d:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
d:\program files\AVG\AVG8\avgcsrvx.exe
d:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-25 15:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-25 12:22
Pre-Run: 66,570,051,584 bytes free
Post-Run: 66,508,029,952 bytes free
172



HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:25:55 م, on 25/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\RTHDCPL.EXE
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\PROGRA~1\AVG\AVG8\avgnsx.exe
D:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
D:\Program Files\AVG\AVG8\avgcsrvx.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\USER\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
You must log in or register to view the hidden link

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
You must log in or register to view the hidden link

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
You must log in or register to view the hidden link

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Reader 8.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMSERIAL] D:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
--
End of file - 4746 bytes
 
The reports are clean.

Is the computer still slow?
 
Signature: AbOdy
No, everything is fine now. Thank you for helping me.
 
Praise be to God that your problem is solved.

Best of luck.
 
Signature: AbOdy