مشكلة exe جديدة

[ahmedva]

السلام عليكم يا أصدقائي
أنا عندي مشكلة تم عرضها من قبل في المواضيع و هي مشكلة exe
أنا قرأت ذلك الموضوع و نزلت البرامج المطلوبة ناقص بس حد يقرأ التقرير بتاع البرنامج ويقولي أعمل إيه و التقرير أه:

ComboFix 09-05-30.03 - Ahmed 31/05/2009 15:08.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.44.1033.18.766.403 [GMT 3:00]
Running from: c:\downloads\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
.

2009-05-31 09:23 . 2009-05-31 09:23 -------- d-sh--w C:\FOUND.003
2009-05-30 10:32 . 2009-05-30 10:32 -------- d-sh--w C:\FOUND.002
2009-05-28 11:52 . 2009-05-28 11:52 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-28 11:42 . 2009-05-28 11:42 -------- d-----w c:\documents and settings\Ahmed\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-05-28 11:42 . 2009-05-28 11:52 38208 ----a-w c:\documents and settings\Ahmed\Application Data\Macromedia\Flash Player\

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

2009-05-23 11:21 . 2009-05-23 11:21 -------- d-sh--w C:\FOUND.001
2009-05-23 07:24 . 2009-05-23 07:24 -------- d-sh--w C:\FOUND.000
2009-05-19 08:54 . 2009-05-19 08:54 604416 ----a-w c:\windows\system32\TUProgSt.exe
2009-05-19 08:54 . 2009-04-27 12:21 28928 ----a-w c:\windows\system32\uxtuneup.dll
2009-05-19 08:54 . 2009-05-19 08:54 361216 ----a-w c:\windows\system32\TuneUpDefragService.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 11:44 . 2009-02-18 12:34 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-31 11:44 . 2009-02-18 12:34 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-31 11:44 . 2009-02-18 12:34 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-31 11:44 . 2009-02-18 12:34 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-31 11:44 . 2009-01-06 08:19 12 ----a-w c:\windows\bthservsdp.dat
2009-05-31 11:32 . 2009-05-31 11:32 -------- d-----w c:\documents and settings\Ahmed\Application Data\CyberScrub
2009-05-31 11:32 . 2009-05-31 11:32 -------- d-----w c:\documents and settings\Ahmed\Application Data\cleaner
2009-05-26 14:00 . 2007-10-23 22:47 96760 ----a-w c:\windows\system32\dfshim.dll
2009-05-26 09:26 . 2008-04-20 09:48 155648 ----a-w c:\windows\system32\NeroCheck.exe
2009-05-26 09:26 . 2005-09-23 04:01 153800 ----a-w c:\windows\system32\vsjitdebugger.exe
2009-05-26 09:21 . 2008-06-03 14:22 110592 ----a-w c:\documents and settings\Ahmed\Application Data\U3\temp\cleanup.exe
2009-05-26 09:21 . 2008-06-03 14:21 3072000 ---ha-w c:\documents and settings\Ahmed\Application Data\U3\temp\Launchpad Removal.exe
2009-05-26 09:19 . 2009-02-18 12:34 94643 ----a-w c:\windows\system32\drivers\klick.dat
2009-05-26 09:19 . 2009-02-18 12:34 105395 ----a-w c:\windows\system32\drivers\klin.dat
2009-05-26 09:02 . 2008-03-01 07:45 45056 ----a-r c:\documents and settings\Ahmed\Application Data\Microsoft\Installer\{90B5E602-1867-449D-86FD-FC9DEA4434BF}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
2009-05-26 08:44 . 2008-04-25 13:46 70992 ----a-w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English\setup.exe
2009-05-24 12:55 . 2008-04-09 08:05 77312 ----a-w c:\windows\ua2.dll
2009-04-05 08:57 . 2009-04-05 08:57 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-04-05 08:57 . 2009-04-05 08:57 -------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-06 13:44 . 2004-08-03 21:56 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-02 23:18 . 2004-08-03 21:56 826368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-03-28 21712680]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2009-05-26 2035712]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-03-14 486856]
"X'nBeep"="c:\program files\X'nBeep 1.1\XnBeep.exe" [2007-01-08 1067520]
"Google Update"="c:\documents and settings\Ahmed\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-23 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 61440]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2009-05-26 266240]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-01-07 49152]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2009-05-26 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-26 259624]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-18 201992]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CryptSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26151:TCP"= 26151:TCP:BitComet 26151 TCP
"26151:UDP"= 26151:UDP:BitComet 26151 UDP
"18422:TCP"= 18422:TCP:BitComet 18422 TCP
"18422:UDP"= 18422:UDP:BitComet 18422 UDP
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 18:29 33808]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [19/05/2009 11:54 604416]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 19:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [25/03/2008 20:07 24592]
S3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\hlnnin.sys --> c:\windows\system32\drivers\hlnnin.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 07:01 2799808]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-2077806209-682003330-1003.job
- c:\documents and settings\Ahmed\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-23 07:47]

2009-05-31 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.eg/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = 126.100.100.103:8080
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{89E551A3-C402-4F52-AD12-FD6D3BC69CC2} - {89E551A3-C402-4F52-AD12-FD6D3BC69CC2} - c:\program files\IEToolbar\شريط أدوات الدرر السنية\ltr.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-05-31 15:10
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll
.
Completion time: 2009-05-31 15:12
ComboFix-quarantined-files.txt 2009-05-31 12:12
ComboFix2.txt 2009-05-31 11:20

Pre-Run: 3,271,704,576 bytes free
Post-Run: 3,260,612,608 bytes free

153 --- E O F --- 2009-05-06 14:31​

و جزاكم الله خيراً و في إنتظار ردكم سريعا لأن جهازي خربان و هناك الكثير من البرامج غير شغال.

 

[format]

و عليكم السلام و رحمة الله و بركته ...

حياك الله ...

أعمل التالي ...

حمل هذه الأداة ...

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغلها و روح على [ Do a system scan and save log ] ...

شوي و يعطيك تقرير داخل مفكرة ...

أنسخه كاملا ً ... و بشكل صحيح ...

و لصقه في ردك القادم ...​

 

[ahmedva]

السلام عليكم مشكور يا أخي خذ التقرير:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:18, on 31/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\Ahmed\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ahmed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ahmed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ahmed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ahmed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\BitComet\BitComet.exe
C:\Downloads\HiJackThis.exe
C:\WINDOWS\system32\HPBPRO.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 126.100.100.103:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O3 - Toolbar: O??? ?I?CE C?I?? C????E - {89E551A3-C402-4F52-AD12-FD6D3BC69CC2} - C:\Program Files\IEToolbar\O??? ?I?CE C?I?? C????E\ltr.dll (file missing)
O4 - HKLM\..\Run: [StatusClient 2.6] "C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] "C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [X'nBeep] C:\Program Files\X'nBeep 1.1\XnBeep.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ahmed\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: O??? ?I?CE C?I?? C????E - {89E551A3-C402-4F52-AD12-FD6D3BC69CC2} - C:\Program Files\IEToolbar\O??? ?I?CE C?I?? C????E\ltr.dll (file missing)
O9 - Extra 'Tools' menuitem: O??? ?I?CE C?I?? C????E - {89E551A3-C402-4F52-AD12-FD6D3BC69CC2} - C:\Program Files\IEToolbar\O??? ?I?CE C?I?? C????E\ltr.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{318D0D71-CA7B-4BCB-9FF5-0055133E52C1}: NameServer = 126.126.0.120,84.36.254.250
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 8015 bytes

 

[format]

اسف على التأخري بسبب ضعف النت المفاجئ

قم بحدف التالي

O3 - Toolbar: O??? ?I?CE C?I?? C????E - {89E551A3-C402-4F52-AD12-FD6D3BC69CC2} - C:\Program Files\IEToolbar\O??? ?I?CE C?I?? C????E\ltr.dll (file missing)


O9 - Extra button: O??? ?I?CE C?I?? C????E - {89E551A3-C402-4F52-AD12-FD6D3BC69CC2} - C:\Program Files\IEToolbar\O??? ?I?CE C?I?? C????E\ltr.dll (file missing)


O9 - Extra 'Tools' menuitem: O??? ?I?CE C?I?? C????E - {89E551A3-C402-4F52-AD12-FD6D3BC69CC2} - C:\Program Files\IEToolbar\O??? ?I?CE C?I?? C????E\ltr.dll (file missing)


O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)​

 

[format]

طريقة الحذف للاكس بي​

​

​

​

​

​

بعدين استخدم ها الادوات

التحميل من هنا​

​

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

​

​

التوافق : ويندوز اكسبي فقط ​

​

شرح الاستخدام ,,,,,,​

عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )​

​

​

​

​

​

وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))​

​

بعدين

عطل جميع برامج الحمايه ,,

نزل هذه الاداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى الصق التقرير بمشاركتك القادمة​

​

​

 

[ahmedva]

السلام عليك يا أخي خذ هذا التقرير الثاني الذي طلبته :
ComboFix 09-05-30.04 - Ahmed 31/05/2009 18:16.4 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.44.1033.18.766.395 [GMT 3:00]
Running from: c:\downloads\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
.
2009-05-31 09:23 . 2009-05-31 09:23 -------- d-sh--w- C:\FOUND.003
2009-05-30 10:32 . 2009-05-30 10:32 -------- d-sh--w- C:\FOUND.002
2009-05-28 11:52 . 2009-05-28 11:52 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-28 11:42 . 2009-05-28 11:42 -------- d-----w- c:\documents and settings\Ahmed\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-05-28 11:42 . 2009-05-28 11:52 38208 ----a-w- c:\documents and settings\Ahmed\Application Data\Macromedia\Flash Player\

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

2009-05-23 11:21 . 2009-05-23 11:21 -------- d-sh--w- C:\FOUND.001
2009-05-23 07:24 . 2009-05-23 07:24 -------- d-sh--w- C:\FOUND.000
2009-05-19 08:54 . 2009-05-19 08:54 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-05-19 08:54 . 2009-04-27 12:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-05-19 08:54 . 2009-05-19 08:54 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 15:09 . 2009-02-18 12:34 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-05-31 15:09 . 2009-02-18 12:34 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-05-31 15:09 . 2009-02-18 12:34 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-05-31 15:09 . 2009-02-18 12:34 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-05-31 15:09 . 2009-01-06 08:19 12 ----a-w- c:\windows\bthservsdp.dat
2009-05-31 11:32 . 2009-05-31 11:32 -------- d-----w- c:\documents and settings\Ahmed\Application Data\CyberScrub
2009-05-31 11:32 . 2009-05-31 11:32 -------- d-----w- c:\documents and settings\Ahmed\Application Data\cleaner
2009-05-26 14:00 . 2007-10-23 22:47 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-05-26 09:26 . 2008-04-20 09:48 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2009-05-26 09:26 . 2005-09-23 04:01 153800 ----a-w- c:\windows\system32\vsjitdebugger.exe
2009-05-26 09:21 . 2008-06-03 14:22 110592 ----a-w- c:\documents and settings\Ahmed\Application Data\U3\temp\cleanup.exe
2009-05-26 09:21 . 2008-06-03 14:21 3072000 ---ha-w- c:\documents and settings\Ahmed\Application Data\U3\temp\Launchpad Removal.exe
2009-05-26 09:19 . 2009-02-18 12:34 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-26 09:19 . 2009-02-18 12:34 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-26 09:02 . 2008-03-01 07:45 45056 ----a-r- c:\documents and settings\Ahmed\Application Data\Microsoft\Installer\{90B5E602-1867-449D-86FD-FC9DEA4434BF}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
2009-05-26 08:44 . 2008-04-25 13:46 70992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English\setup.exe
2009-05-24 12:55 . 2008-04-09 08:05 77312 ----a-w- c:\windows\ua2.dll
2009-04-05 08:57 . 2009-04-05 08:57 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-04-05 08:57 . 2009-04-05 08:57 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-06 13:44 . 2004-08-03 21:56 283648 ----a-w- c:\windows\system32\pdh.dll
2009-03-02 23:18 . 2004-08-03 21:56 826368 ----a-w- c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-03-28 21712680]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2009-05-26 2035712]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-03-14 486856]
"X'nBeep"="c:\program files\X'nBeep 1.1\XnBeep.exe" [2007-01-08 1067520]
"Google Update"="c:\documents and settings\Ahmed\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-23 133104]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Privacy Suite"="c:\documents and settings\Ahmed\Application Data\cleaner\CSPSeraser.exe" [2007-11-20 872080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 61440]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2009-05-26 266240]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-01-07 49152]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2009-05-26 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-26 259624]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-18 201992]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CryptSvc"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26151:TCP"= 26151:TCP:BitComet 26151 TCP
"26151:UDP"= 26151:UDP:BitComet 26151 UDP
"18422:TCP"= 18422:TCP:BitComet 18422 TCP
"18422:UDP"= 18422:UDP:BitComet 18422 UDP
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 18:29 33808]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [19/05/2009 11:54 604416]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 19:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [25/03/2008 20:07 24592]
S3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\hlnnin.sys --> c:\windows\system32\drivers\hlnnin.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 07:01 2799808]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-2077806209-682003330-1003.job
- c:\documents and settings\Ahmed\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-23 07:47]
2009-05-31 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.eg/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = 126.100.100.103:8080
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: {318D0D71-CA7B-4BCB-9FF5-0055133E52C1} = 126.126.0.120,84.36.254.250
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-05-31 18:18
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1036)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll
.
Completion time: 2009-05-31 18:20
ComboFix-quarantined-files.txt 2009-05-31 15:20
ComboFix2.txt 2009-05-31 12:12
ComboFix3.txt 2009-05-31 11:20
Pre-Run: 3,251,683,328 bytes free
Post-Run: 3,247,833,088 bytes free
156 --- E O F --- 2009-05-06 14:31

و أنا في إنتظار ردك

 

[ahmedva]

السلام عليكم يا أخ format إنت فين أنا بعتلك التقرير أمس و لحد دلوقتي مردتش عليا رجاء سرعة الرد لأن جهازي معطلني جامد

 

[ahmedva]

أو أي حد تاني يا إخواني يتابع المشكلة و يقولي الحل إيه معظم البرامج إلي باجي بشغلها بطلعلي الرسالة ده
visual studio just in time debugger

 

[format]

هات هايجك جديد
حمل هذهالأداة ...

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغلهاو روح على [ Do a system scan and save log ] ...

شوي و يعطيك تقريرداخل مفكرة ...

أنسخه كاملاً ... و بشكل صحيح ...

و لصقه في ردكالقادم ...​

 

[ahmedva]

السلام عليكم هذا هو التقرير الجديد و صحيح بإذن الله
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:45, on 01/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Messenger\msmsgs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\Ahmed\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ahmed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ahmed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ahmed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ahmed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\TuneUp Utilities 2009\RegistryCleaner.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Downloads\HiJackThis.exe
C:\WINDOWS\system32\HPBPRO.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 126.100.100.103:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O4 - HKLM\..\Run: [StatusClient 2.6] "C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] "C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [X'nBeep] C:\Program Files\X'nBeep 1.1\XnBeep.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ahmed\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{318D0D71-CA7B-4BCB-9FF5-0055133E52C1}: NameServer = 126.126.0.120,84.36.254.250
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 7675 bytes

في إنتظار ردك

 

[ahmedva]

السلام عليكم يا باشا :
إنت فين يا باشا أنا بعتلك التقرير من زمان و مستني ردك كل ده

 

[format]

اسف ياخوي بس قطعت الكهرباء وانا في غزة اشئ طبيعي تعرف انه بينقطع الكهرباء فجاء خخخخخخخ جاري التحليل​

 

[format]

قم بحدف التالي

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing
​

طريقة الحذف للاكس بي​

​

​

​

​

​

​

​

بعدين استخدم ها الادوات

التحميل من هنا​

​

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

​

​

التوافق : ويندوز اكسبي فقط ​

​

شرح الاستخدام ,,,,,,​

عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )​

​

​

​

​

وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))​

​

​

​

بعدين ​

استخدم اداه الكاسبر ​

​

 

[format]

أغلق برنامج الحماية


و قم بتعطيل استعادة النظام كما في الشرح

حمل الأداة من هنا

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

أو

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

بعد التحميل ،، دبل كلك وسيتم استخراج ملف الاداة الى مجلد بسطح المكتب لحظات وتبدأ الاداة بالعمل


تابع الشرح لفحص الجهاز وتنظيفه وارفاق التقرير

ثم ألصقه بردك القادم​

 

[ahmedva]

السلام عليكم يا إخواني أنا بقالي يومين منتظر حد يرد عليا و محدش رد حتى الأن و فين الأخ فورماتك

 

[ahmedva]

السلام عليكم : يا جماعة محدش رد على مشكلتي حتى الأن

 

[ahmedva]

السلام عليكم يا باشا ده أخر تقرير جديد من الهاجيك شوفه و قولي أعمل إيه من جديد معلش تعبتك معايا
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:25:52, on 03/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\Ahmed\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ahmed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ahmed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ahmed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Ahmed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\HPBPRO.EXE
C:\Downloads\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 126.100.100.103:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O4 - HKLM\..\Run: [StatusClient 2.6] "C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] "C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [X'nBeep] C:\Program Files\X'nBeep 1.1\XnBeep.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ahmed\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\program\adobe\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\program\adobe\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{318D0D71-CA7B-4BCB-9FF5-0055133E52C1}: NameServer = 126.126.0.120,84.36.254.250
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 7845 bytes

مستني ردك

 

[format]

اخوي هات كمان تقرير الكاسبر

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

 

[format]

اما الهايجك الجديد

قم بحذف التالي

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

طريقة الحذف للاكس بي

بعدين استخدم ها الادوات



التحميل من هنا

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

التوافق : ويندوز اكسبي فقط





شرح الاستخدام ,,,,,,




عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )

وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))

بعدين تقرير الكاسبر​

​

 

[format]

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي