Status
Closed and not open for further replies.

لـــيالـــي

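In the name of God, the Most Gracious, the Most Merciful

Peace be upon you, and the mercy and blessings of God

I have a problem that started about a week ago.

The computer, and anything that is open, whether a browser, a folder, Messenger or anything else, suddenly freezes.

It stays frozen for one to two minutes, then starts working again, and then freezes again.

I don't know what the problem is.

I hope my brothers can help.

With my regards and respect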
 

And peace be upon you too

Welcome, dear

Do the following

Download this program

[You must log in or register to view the hidden link]

Run the program ==> and click
Do a system scan and save log
After a few moments a report will open in Notepad ==> copy it and paste it in your second reply
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:14:42 م, on 31/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[You must log in or register to view the hidden link]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[You must log in or register to view the hidden link]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[You must log in or register to view the hidden link]

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: FCBHOBHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - C:\Program Files\FlashCapture\FCBHO.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\Program Files\FlashCapture\FCIEXT.dll/FCIEXT.htm
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\FCIEXT.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
[You must log in or register to view the hidden link]

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: خدمة تحديث Google (gupdate1c9ca913f2fd3dc) (gupdate1c9ca913f2fd3dc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 7576 bytes

 
Now download the following tool

and follow the instructions below

[You must log in or register to view the hidden link]

or
[You must log in or register to view the hidden link]


Compatibility: Windows XP only

Usage instructions:

When you run the tool's file, this screen appears. Wait (and follow along with the images).

i9141_11.png

i9142_22.png


When this screen appears, click Close so that your computer restarts (to complete the cleaning process).

i9143_33.png


After that


Disable your security programs

Download this tool


[You must log in or register to view the hidden link]

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes

During the scan the computer may restart.
After the restart, the tool will start scanning again.
Wait until a report appears; that means the scan has finished. Paste the report in your first reply.


Waiting ..
 
ComboFix 09-05-30.04 - User 05/31/2009 18:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.964.1033.18.3326.2671 [GMT 3:00]
Running from: c:\documents and settings\User\Desktop\lolo\برامج\123.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
.

2009-05-31 12:04 . 2009-05-31 12:04 -------- d-----w- c:\documents and settings\User\Application Data\QuickScan
2009-05-31 12:03 . 2009-05-18 20:52 507904 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\g59qu2lz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-05-31 12:03 . 2009-05-18 20:52 565248 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\g59qu2lz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-05-30 23:53 . 2009-05-31 15:24 -------- d-----w- c:\windows\system32\CatRoot2
2009-05-30 23:06 . 2009-05-30 23:06 -------- d-----w- c:\program files\FlashCapture
2009-05-29 20:42 . 2009-05-30 10:34 -------- d-----w- c:\program files\BuddyCheck
2009-05-29 13:46 . 2009-05-31 09:40 -------- d-----w- c:\documents and settings\User\Application Data\Nuotex
2009-05-29 10:45 . 2009-05-29 10:45 81920 ----a-w- c:\documents and settings\User\Application Data\ezpinst.exe
2009-05-29 10:45 . 2009-05-29 10:45 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-29 10:45 . 2009-05-29 10:45 47360 ----a-w- c:\documents and settings\User\Application Data\pcouffin.sys
2009-05-29 10:45 . 2009-05-29 10:45 -------- d-----w- c:\documents and settings\User\Application Data\Vso
2009-05-29 10:45 . 2004-02-22 13:11 719872 ----a-w- c:\windows\system32\devil.dll
2009-05-29 10:45 . 2005-10-28 21:44 308224 ----a-w- c:\windows\system32\avisynth.dll
2009-05-29 10:45 . 2009-05-29 10:47 -------- d-----w- c:\program files\Video Convert Master
2009-05-28 17:07 . 2008-08-25 09:36 81288 ----a-w- c:\windows\system32\drivers\iksyssec.sys
2009-05-28 17:07 . 2008-08-25 09:36 66952 ----a-w- c:\windows\system32\drivers\iksysflt.sys
2009-05-28 17:07 . 2008-08-25 09:36 40840 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
2009-05-28 17:07 . 2008-06-02 13:19 29576 ----a-w- c:\windows\system32\drivers\kcom.sys
2009-05-28 17:07 . 2009-05-28 17:27 -------- d-----w- c:\program files\Spyware Doctor
2009-05-28 17:07 . 2009-05-28 17:07 -------- d-----w- c:\documents and settings\User\Application Data\PC Tools
2009-05-21 21:50 . 2009-05-22 19:53 -------- d-----w- c:\program files\Paltalk Messenger
2009-05-21 19:08 . 2009-05-21 19:08 -------- d-----w- C:\tmp
2009-05-21 19:07 . 2009-05-21 19:07 -------- d-----w- C:\ZillaPDFtoTXTConverter
2009-05-21 13:03 . 2009-05-21 13:03 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-21 13:03 . 2009-05-30 15:03 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2009-05-21 13:03 . 2009-05-30 17:03 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2009-05-21 13:02 . 2009-05-21 13:02 -------- d-----w- c:\program files\Common Files\Skype
2009-05-21 13:02 . 2009-05-21 13:02 -------- d-----r- c:\program files\Skype
2009-05-21 13:02 . 2009-05-21 13:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-05-20 12:18 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-05-20 12:18 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-05-20 12:18 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-20 12:18 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-05-20 12:18 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-05-20 12:18 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-05-20 12:18 . 2009-02-09 12:10 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-05-20 12:18 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-05-20 12:18 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-05-20 12:18 . 2009-02-06 11:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-20 12:18 . 2009-02-06 11:08 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-20 12:18 . 2009-02-06 10:32 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-20 11:46 . 2009-05-20 11:46 -------- d-----w- c:\windows\system32\scripting
2009-05-20 11:46 . 2009-05-20 11:46 -------- d-----w- c:\windows\system32\en
2009-05-20 11:46 . 2009-05-20 11:46 -------- d-----w- c:\windows\l2schemas
2009-05-20 11:46 . 2009-05-20 11:46 -------- d-----w- c:\windows\system32\bits
2009-05-20 11:44 . 2009-05-20 11:46 -------- d-----w- c:\windows\ServicePackFiles
2009-05-19 16:48 . 2009-05-19 16:48 -------- d-----w- c:\documents and settings\User\Application Data\Nokia Multimedia Player
2009-05-18 11:41 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
2009-05-17 20:10 . 2009-05-19 17:20 -------- d-----w- c:\program files\Power Mp3 Cutter(Mp3 Sound Cutter)
2009-05-17 16:47 . 2004-03-29 12:23 90112 ----a-w- c:\windows\unvise32.exe
2009-05-17 16:47 . 2009-05-17 16:47 -------- d-----w- c:\program files\SWiSHmax
2009-05-17 00:31 . 2009-05-17 00:31 -------- d-----w- c:\program files\مشغل الفلاش العربي
2009-05-15 11:08 . 2009-05-15 11:10 -------- d-----w- c:\program files\TVAnts
2009-05-15 11:08 . 2009-05-15 11:10 -------- d-----w- c:\program files\SatelliteTVforPC
2009-05-15 11:08 . 2009-05-15 11:10 -------- d-----w- c:\windows\uninstall
2009-05-15 10:53 . 2009-05-15 10:53 -------- d-----w- c:\documents and settings\User\Application Data\Datalayer
2009-05-15 10:53 . 2009-05-17 20:25 -------- d-----w- c:\documents and settings\User\Phone Browser
2009-05-07 13:37 . 2009-05-07 13:37 -------- d-----w- c:\documents and settings\User\Application Data\Media Player Classic
2009-05-05 17:06 . 2009-05-05 17:06 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Identities
2009-05-04 08:40 . 2009-05-04 08:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-05-03 22:26 . 2005-09-23 15:29 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-05-03 22:13 . 2009-05-03 22:13 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-03 22:01 . 2009-05-30 16:26 -------- d-----w- c:\program files\GVR
2009-05-03 21:53 . 2009-05-03 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-05-03 21:44 . 2009-05-03 21:44 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-03 21:44 . 2009-05-03 21:44 -------- d-----w- c:\program files\Java
2009-05-03 21:43 . 2009-05-03 21:43 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-03 21:38 . 2009-05-03 21:38 -------- d-s---w- c:\documents and settings\User\UserData
2009-05-03 17:55 . 2009-05-03 17:55 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Help
2009-05-03 17:52 . 2009-05-03 17:52 -------- d-----w- c:\program files\DCETools
2009-05-03 16:42 . 2009-05-03 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-05-03 16:42 . 2009-05-03 16:42 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-05-03 14:52 . 2009-05-03 14:52 -------- d-----w- c:\program files\CCleaner
2009-05-03 14:36 . 2009-05-03 14:36 -------- d-----w- c:\documents and settings\User\Application Data\Avira
2009-05-03 14:33 . 2009-05-03 14:41 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-03 14:33 . 2009-02-13 08:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-05-03 14:33 . 2009-02-13 08:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-05-03 14:33 . 2009-05-03 14:33 -------- d-----w- c:\program files\Avira
2009-05-03 00:37 . 2009-05-03 00:37 -------- d-----w- c:\documents and settings\User\Application Data\URSoft
2009-05-03 00:37 . 2009-05-03 17:42 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-05-02 23:17 . 2009-05-03 14:41 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-02 23:17 . 2009-05-03 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-02 23:16 . 2009-05-02 23:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg8
2009-05-02 17:48 . 2009-05-02 17:48 -------- d-----w- c:\program files\Microsoft
2009-05-02 14:57 . 2009-05-22 16:37 52774944 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-05-02 13:48 . 2009-05-02 13:48 -------- d-----w- c:\documents and settings\User\Application Data\CyberScrub
2009-05-02 12:04 . 2009-05-15 11:08 -------- d-----w- c:\program files\cFosSpeed
2009-05-02 11:21 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-05-02 11:21 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-05-02 11:19 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-05-02 11:19 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-05-01 20:59 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-05-01 20:58 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-05-01 20:51 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-05-01 20:49 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-05-01 20:36 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-05-01 20:08 . 2008-10-16 11:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-05-01 20:08 . 2008-10-16 11:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-05-01 19:54 . 2009-05-22 19:53 -------- d-----w- c:\documents and settings\User\Application Data\Paltalk
2009-05-01 19:29 . 2009-05-01 19:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-05-01 19:17 . 2009-05-01 19:17 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Real
2009-05-01 19:17 . 2009-05-01 19:17 -------- d-----w- c:\program files\Common Files\xing shared
2009-05-01 19:15 . 2009-05-01 19:15 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-05-01 19:15 . 2009-05-01 19:27 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Google
2009-05-01 19:15 . 2009-05-01 19:16 -------- d-----w- c:\program files\Google
2009-05-01 19:08 . 2009-05-01 19:08 -------- d-----w- c:\program files\Trend Micro
2009-05-01 18:16 . 2009-05-02 17:48 -------- d-----w- c:\program files\Windows Live
2009-05-01 17:50 . 2009-05-01 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 15:24 . 2009-05-01 00:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-31 15:15 . 2009-05-02 13:47 -------- d-----w- c:\documents and settings\User\Application Data\cleaner
2009-05-22 16:37 . 2009-05-02 14:57 620576 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-05-21 23:48 . 2008-07-03 03:02 187280 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-03 21:58 . 2009-05-01 08:03 -------- d-----w- c:\program files\Avant Browser
2009-05-03 21:14 . 2009-05-03 21:14 2678 ----a-w- c:\windows\java\Packages\Data\YJV1FPB9.DAT
2009-05-03 21:13 . 2009-05-03 21:13 2678 ----a-w- c:\windows\java\Packages\Data\V73VBJR7.DAT
2009-05-03 21:13 . 2009-05-03 21:13 2678 ----a-w- c:\windows\java\Packages\Data\5FXVV9FL.DAT
2009-05-03 21:13 . 2009-05-03 21:13 2678 ----a-w- c:\windows\java\Packages\Data\ZPJB9NHV.DAT
2009-05-03 21:13 . 2009-05-03 21:13 2678 ----a-w- c:\windows\java\Packages\Data\6YDJH3XF.DAT
2009-05-03 17:42 . 2009-05-01 09:48 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-03 17:42 . 2008-07-26 23:30 -------- d-----w- c:\program files\DivX
2009-05-03 16:45 . 2008-07-26 23:31 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-02 16:40 . 2008-07-03 02:50 172775 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-01 19:16 . 2008-07-26 23:31 -------- d-----w- c:\program files\Common Files\Real
2009-05-01 18:19 . 2009-04-30 22:56 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-01 15:40 . 2009-05-01 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-05-01 14:47 . 2009-05-01 11:24 -------- d-----w- c:\program files\MSECACHE
2009-05-01 13:47 . 2009-05-01 13:47 -------- d-----w- c:\documents and settings\User\Application Data\Ahead
2009-05-01 13:19 . 2009-05-01 13:19 -------- d-----w- c:\documents and settings\User\Application Data\Nokia
2009-05-01 13:04 . 2009-05-01 13:04 390664 ----a-w- c:\documents and settings\User\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-01 13:00 . 2009-05-01 12:59 -------- d-----w- c:\documents and settings\User\Application Data\PC Suite
2009-05-01 13:00 . 2009-05-01 13:00 -------- d-----w- c:\program files\DIFX
2009-05-01 13:00 . 2009-05-01 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-05-01 12:59 . 2009-05-01 12:59 -------- d-----w- c:\program files\Common Files\Nokia
2009-05-01 12:59 . 2009-05-01 12:59 -------- d-----w- c:\program files\Common Files\PCSuite
2009-05-01 12:59 . 2009-05-01 12:59 -------- d-----w- c:\program files\Nokia
2009-05-01 12:45 . 2008-07-26 23:28 -------- d-----w- c:\documents and settings\User\Application Data\AVGTOOLBAR
2009-05-01 10:43 . 2009-05-01 10:43 -------- d-----w- c:\program files\VideoCAM Trek
2009-05-01 10:43 . 2009-05-01 10:43 -------- d-----w- c:\program files\Common Files\VCAMTrek
2009-05-01 10:43 . 2008-07-03 04:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-01 09:48 . 2009-05-01 09:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-01 08:03 . 2009-05-01 08:03 0 ----a-w- c:\windows\nsreg.dat
2009-05-01 08:03 . 2009-05-01 08:03 -------- d-----w- c:\documents and settings\User\Application Data\Avant Profiles
2009-05-01 01:39 . 2009-05-01 01:14 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2009-04-30 23:28 . 2008-07-26 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-04-30 23:18 . 2009-04-30 23:18 -------- d-----w- c:\documents and settings\User\Application Data\ACD Systems
2009-04-30 23:14 . 2008-07-26 21:27 -------- d-----w- c:\program files\Yahoo!
2009-04-30 22:27 . 2008-07-26 21:06 -------- d-----w- c:\program files\CyberLink
2009-04-30 22:24 . 2009-04-30 22:24 -------- d-----w- c:\program files\Common Files\Windows Live
2009-03-07 08:26 . 2009-03-07 08:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-03-06 14:22 . 2004-08-03 22:56 284160 ----a-w- c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-06 4347120]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-03 148888]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"S3Trayp"="S3trayp.exe" - c:\windows\system32\S3Trayp.exe [2007-06-11 176128]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-17 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\User\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [16/11/2008 01:55 ص 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [16/11/2008 01:55 ص 52224]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [16/11/2008 01:53 ص 13696]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [03/05/2009 05:33 م 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [03/05/2009 05:33 م 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [03/05/2009 05:33 م 432897]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [28/05/2009 08:07 م 356920]
S2 gupdate1c9ca913f2fd3dc;خدمة تحديث Google (gupdate1c9ca913f2fd3dc);c:\program files\Google\Update\GoogleUpdate.exe [01/05/2009 10:15 م 133104]
S3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [12/07/2007 12:08 ص 714240]
S3 WMP300Nv2;Linksys Wireless-N PCI Adapter WMP300Nv2 Service;c:\windows\system32\drivers\WMP300Nv2.sys [03/07/2008 02:03 م 743424]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2009-05-31 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-01 19:15]

2009-05-28 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]

2009-05-31 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Save F&lash with FlashCapture - c:\program files\FlashCapture\FCIEXT.dll/FCIEXT.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\g59qu2lz.default\
FF - prefs.js: browser.startup.homepage - hxxp://ar.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:ar:official
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\g59qu2lz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\g59qu2lz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[You must log in or register to view the hidden link]

Rootkit scan 2009-05-31 18:24
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(648)
c:\program files\Avira\AntiVir Desktop\avsda.dll

- - - - - - - > 'explorer.exe'(2800)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSAR.DLL
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2009-05-31 18:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-31 15:26
ComboFix2.txt 2009-05-02 14:51

Pre-Run: 254,377,164,800 bytes free
Post-Run: 254,232,195,072 bytes free

291 --- E O F --- 2009-05-28 19:53

 
For the past 3 days I have noticed the mouse moving randomly on its own.

And the freezing gets worse when I open my email.
 
A new HijackThis report, please

Download this program


[You must log in or register to view the hidden link]

Run the program ==> and click
Do a system scan and save log
After a few moments a report will open in Notepad ==> copy it and paste it in your second reply
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:34:56 م, on 31/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [URL hidden by the forum]

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: FCBHOBHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - C:\Program Files\FlashCapture\FCBHO.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\Program Files\FlashCapture\FCIEXT.dll/FCIEXT.htm
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\FCIEXT.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [URL hidden by the forum]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: خدمة تحديث Google (gupdate1c9ca913f2fd3dc) (gupdate1c9ca913f2fd3dc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 7467 bytes
 
The log is clean.

Do as described in this post

[link hidden by the forum]

I'll be waiting ,,
 
Engine Version : 5300.2777
Engine Load Time : 11515 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections

Memory : Clean
Please wait ... building list of critical files to scan

Critical : Clean
Scanning the computer's cookie directories
Cookies : Clean
c:\pagefile.sys : Scan Failed
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\avguard.tmp : Scan Failed
c:\Documents and Settings\LocalService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\LocalService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\NetworkService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\User\NTUSER.DAT : Scan Failed
c:\Documents and Settings\User\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\g59qu2lz.default\parent.lock : Scan Failed
c:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\g59qu2lz.default\places.sqlite-journal : Scan Failed
File : c:\Documents and Settings\User\Desktop\hamody\برامج\كشف الاوفلاين ياهو\كشف الاوفلاين\BuddyCheck-1.0.3-Setup.exe : contains "Trojan" called "Puper" (Deleted )
c:\Documents and Settings\User\Desktop\hamody\برامج\كشف الاوفلاين ياهو\كشف الاوفلاين\BuddyCheck-1.0.3-Setup.exe : Deleted
c:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\User\Local Settings\temp\etilqs_38L8gFetOKjOyM4E3BT6 : Scan Failed
c:\Documents and Settings\User\Local Settings\temp\etilqs_38L8gFetOKjOyM4E3BT6-journal : Scan Failed
c:\Documents and Settings\User\Local Settings\temp\etilqs_3F7GaABaa5EY1wXzoaHi : Scan Failed
c:\Documents and Settings\User\Local Settings\temp\Perflib_Perfdata_c74.dat : Scan Failed
c:\WINDOWS\system32\CatRoot2\edb.log : Scan Failed
c:\WINDOWS\system32\CatRoot2\tmp.edb : Scan Failed
c:\WINDOWS\system32\config\default : Scan Failed
c:\WINDOWS\system32\config\default.LOG : Scan Failed
c:\WINDOWS\system32\config\SAM : Scan Failed
c:\WINDOWS\system32\config\SAM.LOG : Scan Failed
c:\WINDOWS\system32\config\SECURITY : Scan Failed
c:\WINDOWS\system32\config\SECURITY.LOG : Scan Failed
c:\WINDOWS\system32\config\software : Scan Failed
c:\WINDOWS\system32\config\software.LOG : Scan Failed
c:\WINDOWS\system32\config\system : Scan Failed
c:\WINDOWS\system32\config\system.LOG : Scan Failed
c:\WINDOWS\Temp\Perflib_Perfdata_74.dat : Scan Failed
Scanning the registry
Registry : Clean

Summary :-
FilesFound : 51889
FilesScanned : 33827
FilesNotScanned : 18062

ObjectsFound : 103404
ObjectsInfected : 1
ObjectsCleaned : 0
ObjectsDeleted : 1

FilesInfected : 1
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 1

Started at : 08:11:26 م 07 جمادى الثانية, 1430
Ended at : 08:26:55 م 07 جمادى الثانية, 1430
Duration : 15 minutes 28 seconds
5798 MB scanned in 928 seconds = 6 MB/s
Engine Version : 5300.2777
Engine Load Time : 11000 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections


Summary :-
FilesFound : 1587
FilesScanned : 850
FilesNotScanned : 737

ObjectsFound : 2803
ObjectsInfected : 0
ObjectsCleaned : 0
ObjectsDeleted : 0

FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 08:27:07 م 07 جمادى الثانية, 1430
Ended at : 08:27:29 م 07 جمادى الثانية, 1430
Duration : 21 seconds
114 MB scanned in 21 seconds = 5 MB/s
 
How is the computer now?
 
So far the computer has not frozen.

Thank you, brother, and sorry for the trouble. A thousand thanks.
 
Praise be to God.

You're welcome, dear.

And here is this thread for you,

to help you keep your computer from freezing and slowing down:

[link hidden by the forum]

Good luck, dear ...

Regards

 
A thousand thanks to you, brother, you did everything you could.

God bless you.
 