Thread starter: صالح115

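Hi

I just did a format << a format every two days :er:

I installed a genuine Kaspersky << congratulations to me :hh:

Anyway,

the computer is a bit slow.

For example, when I open an Explorer page,
I click on it and it takes a while to open.

Same with Messenger:
I click on it and it takes time to open.

And the internet is really frustrating < but we could say that comes from the telecom provider itself

But for the problems above, I would appreciate a solution if there is one.


Windows is XP.


And this is the HijackThis report: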


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:07 م, on 01/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\user\Desktop\HiJackThis.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AF BHO - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\AnchorFree\bin\AFBho.dll
O3 - Toolbar: AFToolbar - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - C:\Program Files\AnchorFree\bin\AFToolbar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: 0102141243882544mcinstcleanup - - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 5126 bytes
 

Delete this entry:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 
And this entry:
O23 - Service: 0102141243882544mcinstcleanup - - (no file)
 
How to delete:

[Screenshot: mg (3).png]

[Screenshot: mg (4).png]
 
Then
do the following:

Disable your security programs,
then
download the following tool and save it to the desktop:
[link hidden by the forum; login required]

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes

During the scan the computer may restart.
After the restart, the tool will start scanning again.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears, then copy it and paste it into your next post.
 
After that, upload a new HijackThis report.
 
Brother صالح, please be quick, because I have to review my lessons.
 
This is the report after the tool's scan:


ComboFix 09-05-31.06 - user 06/01/2009 22:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.2550.2060 [GMT 3:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\artools.dll
c:\windows\IE4 Error Log.txt
c:\windows\system32\kakle.dll
c:\windows\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
------- Sigcheck -------
[-] 2007-09-07 00:24 1580544 6E266AAF4168B3569A330C61AB01F6B4 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-05-25 206088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-25 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 م 33808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 م 24592]
S2 0102141243882544mcinstcleanup;0102141243882544mcinstcleanup; [x]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.adobeme.com/products/ME/photoshop/main.html
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\vwmgfbxm.default\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-06-01 22:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1248)
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'explorer.exe'(3468)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\Crypserv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-01 22:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-01 19:42
Pre-Run: 17,394,864,128 bytes free
Post-Run: 17,356,644,352 bytes free
229
 
This is the HijackThis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:15 م, on 01/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\user\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AF BHO - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\AnchorFree\bin\AFBho.dll
O3 - Toolbar: AFToolbar - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - C:\Program Files\AnchorFree\bin\AFToolbar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: 0102141243882544mcinstcleanup - - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 5211 bytes



And sorry, my friend, for holding you up.
 
OK brother, do the following:
then download this tool and follow the explanation below

[link hidden by the forum; login required]

or

[link hidden by the forum; login required]



Compatibility: Windows XP only


How to use it:
When you run the tool's file, this screen appears; wait (and follow along with the pictures)

[Screenshot: 000.png]


[Screenshot: 001.png]


When this screen appears, click Close so that your computer restarts ((to complete the cleaning process))

[Screenshot: 002.png]



And tell me what happened
 
By the way, it looks like you forgot to delete this entry.
Delete it:
O23 - Service: 0102141243882544mcinstcleanup - - (no file)
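
An added example, not part of the original posts: the check the helpers do by eye in this thread, written as a small Python script that pulls the `(no file)` entries out of a HijackThis log and reports which of them are still present in the follow-up log. The log excerpts are copied from the two logs posted above; the function names are illustrative.

```python
import re

# A HijackThis entry line starts with a section code such as R1, O2, O4 or O23,
# followed by " - " and the entry body. Process paths and headers do not match.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# HijackThis prints this marker when the file an entry points to is missing.
ORPHAN_MARK = "(no file)"

# Excerpt of the first log in this thread (before any fix).
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\system32\services.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: 0102141243882544mcinstcleanup - - (no file)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
"""

# Excerpt of the second log in this thread (after the fix and the ComboFix run).
LOG_AFTER = r"""
Running processes:
C:\WINDOWS\system32\services.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: 0102141243882544mcinstcleanup - - (no file)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
"""


def parse_entries(log_text):
    """Return (section, body) tuples for every entry line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("section"), match.group("body").strip()))
    return entries


def orphans(log_text):
    """Entries whose target file no longer exists on disk."""
    return [e for e in parse_entries(log_text) if e[1].endswith(ORPHAN_MARK)]


def compare_orphans(before, after):
    """Split the orphaned entries of the first log by whether the second log still lists them."""
    after_entries = set(parse_entries(after))
    result = {"removed": [], "still_present": []}
    for entry in orphans(before):
        key = "still_present" if entry in after_entries else "removed"
        result[key].append(entry)
    return result


if __name__ == "__main__":
    report = compare_orphans(LOG_BEFORE, LOG_AFTER)
    for status, entries in report.items():
        for section, body in entries:
            print(f"{status}: {section} - {body}")
```
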
 
If your computer's specs are poor :q: I advise you to use a security program other than Kaspersky, preferably NOD, since it is light on the system.
 
Signature: سامى عبد الفتاح
Brother سامي is right.
What are your computer's specs?
 
Thank you all.
The computer is better than before.
Much appreciated.
 