Thread starter: solda
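Peace be upon you, brothers. My computer is very slow,
especially when I start it up.
I log in, of course, and after I enter the password
it takes a very long time and then it displays "Loading your settings now",
and then when I start a program it does not start quickly; it takes a long time and then it starts.
And this is the HijackThis report: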

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:17:46 م, on 29/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Avant Browser\avant.exe
D:\برامج\للحماية\HiJackThis.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [AFProg] C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 7509 bytes
 

Peace be upon you.

Your report is clean, but could you give us your computer's specifications? God willing, we will find a solution.
 
Its specifications are okay:
2 dual-core Pentium 4
RAM: one gigabyte
Hard disk: 160 GB
I think the graphics card is 265
 
Is the slowness at boot or during use?

Disable your protection programs,
then
download the following tool and save it to the desktop:
[Link hidden: login or registration required to view it]

When you run it, a message will appear; click >> Yes
After that a second message will appear; click >> Yes
The computer may restart during the scan,
and after the restart the tool will start scanning again.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears, then copy it and paste it into your next post.
 
Sorry, brother Max, something came up and I was delayed, forgive me. This is the report from the tool:
ComboFix 09-07-29.04 - user 08/01/2009 0:14.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.953.657 [GMT 3:00]
Running from: c:\documents and settings\user\سطح المكتب\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Desktop_.ini
c:\windows\system32\kakle.dll
.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
.
2009-07-30 17:31 . 2009-07-31 21:11 -------- d-----w- C:\Downloads
2009-07-30 11:21 . 2009-07-31 21:20 -------- d-----w- c:\documents and settings\user\Application Data\Free Download Manager
2009-07-30 11:21 . 2009-07-30 11:21 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2009-07-30 11:21 . 2009-07-30 11:21 -------- d-----w- c:\program files\Free Download Manager
2009-07-29 21:41 . 2009-07-29 21:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-28 17:15 . 2009-07-28 17:15 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Yahoo
2009-07-28 06:45 . 2009-07-28 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-28 06:40 . 2009-07-29 07:40 -------- d-----w- c:\program files\Yahoo!
2009-07-28 05:53 . 2009-07-28 05:53 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2009-07-28 05:53 . 2009-07-13 10:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-28 05:53 . 2009-07-28 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-28 05:53 . 2009-07-13 10:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-28 05:53 . 2009-07-28 05:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 18:15 . 2009-07-27 18:15 -------- d-----w- c:\program files\CEDP Stealer 6.0 for Messenger
2009-07-26 21:47 . 2001-09-19 12:00 838144 -c--a-w- c:\windows\system32\dllcache\chtbrkr.dll
2009-07-26 21:47 . 2001-09-19 12:00 838144 ----a-w- c:\windows\system32\chtbrkr.dll
2009-07-26 21:47 . 2001-09-19 12:00 1677824 -c--a-w- c:\windows\system32\dllcache\chsbrkr.dll
2009-07-26 21:47 . 2001-09-19 12:00 1677824 ----a-w- c:\windows\system32\chsbrkr.dll
2009-07-26 21:47 . 2001-09-19 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2009-07-26 21:47 . 2001-09-19 12:00 98304 ----a-w- c:\windows\system32\msir3jp.dll
2009-07-26 21:47 . 2001-09-19 12:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll
2009-07-26 21:47 . 2001-09-19 12:00 70656 ----a-w- c:\windows\system32\korwbrkr.dll
2009-07-26 21:47 . 2001-09-19 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt0404.dll
2009-07-26 21:47 . 2001-09-19 12:00 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2009-07-26 21:47 . 2001-09-19 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt0804.dll
2009-07-26 20:06 . 2004-08-03 20:32 15872 -c--a-w- c:\windows\system32\dllcache\padrs404.dll
2009-07-26 20:05 . 2004-08-03 20:31 70144 -c--a-w- c:\windows\system32\dllcache\pintlphr.exe
2009-07-26 13:22 . 2009-07-26 13:22 -------- d-----w- c:\program files\Innovative Solutions
2009-07-25 11:10 . 2001-08-17 19:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-07-25 11:10 . 2001-08-17 19:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-07-25 11:10 . 2001-08-17 19:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-07-25 11:10 . 2001-08-17 19:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-07-25 11:10 . 2001-08-17 11:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-07-25 11:10 . 2001-08-17 11:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-07-25 11:10 . 2001-08-17 11:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-07-25 11:10 . 2001-08-17 11:55 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-07-25 11:10 . 2001-08-17 11:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-07-25 11:10 . 2001-08-17 11:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-07-25 11:10 . 2001-08-17 11:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-07-25 11:10 . 2001-08-17 11:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-07-25 04:58 . 2009-07-25 04:58 -------- d-----w- c:\documents and settings\user\Bluetooth Software
2009-07-24 13:54 . 2009-07-24 13:54 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Innovative Solutions
2009-07-23 21:29 . 2009-07-23 21:29 -------- d-----w- c:\documents and settings\user\Application Data\COWON
2009-07-23 19:31 . 2009-07-23 19:31 -------- d-----w- c:\program files\JetAudio
2009-07-23 19:31 . 2009-07-23 19:31 -------- d-----w- c:\program files\Common Files\COWON
2009-07-23 19:31 . 2009-07-23 19:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-23 15:05 . 2009-07-23 15:05 -------- d-----w- c:\windows\Sun
2009-07-23 14:49 . 2009-07-23 14:49 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-23 14:48 . 2009-07-23 14:48 152576 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-23 14:12 . 2009-07-23 14:12 -------- d-----w- c:\program files\Common Files\delet
2009-07-23 14:02 . 2004-08-03 22:55 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-07-23 14:02 . 2004-08-03 22:55 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-07-23 14:02 . 2009-07-23 14:02 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-23 14:00 . 2009-07-23 14:01 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-07-23 11:40 . 2007-03-22 10:46 126976 ----a-w- c:\documents and settings\user\Application Data\GRETECH\GomPlayer\GrLauncher.exe
2009-07-22 11:50 . 2009-07-22 11:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-07-22 11:22 . 2009-07-22 11:22 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Identities
2009-07-22 09:41 . 2009-07-31 15:54 -------- d-----w- c:\program files\Hotspot Shield
2009-07-21 18:28 . 2009-07-21 18:28 -------- d-----w- c:\documents and settings\user\Application Data\URSoft
2009-07-21 18:28 . 2009-07-27 22:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-21 18:13 . 2009-07-21 18:13 -------- d-----w- c:\program files\Avant Browser
2009-07-20 13:02 . 2009-07-20 13:02 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-20 13:02 . 2009-04-27 11:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-20 13:02 . 2009-07-20 13:02 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-20 13:02 . 2009-07-20 13:02 -------- d-----w- c:\documents and settings\user\Application Data\TuneUp Software
2009-07-20 13:02 . 2009-07-20 13:02 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-07-20 13:02 . 2009-07-20 13:03 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-20 13:01 . 2009-07-20 13:01 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-07-20 13:00 . 2009-07-20 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-07-20 12:49 . 2009-07-20 12:49 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-20 12:49 . 2009-07-20 12:49 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-20 12:49 . 2009-07-20 12:49 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-20 12:49 . 2009-07-20 12:49 -------- d-----w- c:\program files\Common Files\Real
2009-07-20 12:49 . 2009-07-20 12:49 -------- d-----w- c:\program files\Real
2009-07-20 10:41 . 2009-07-20 10:41 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-20 05:29 . 2009-07-20 05:29 -------- d-----w- c:\documents and settings\user\.jpi_cache
2009-07-20 05:29 . 2009-07-20 05:29 -------- d-----w- c:\documents and settings\user\.java
2009-07-20 00:45 . 2009-07-20 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\GRETECH
2009-07-20 00:45 . 2009-07-20 00:45 -------- d-----w- c:\documents and settings\user\Application Data\GRETECH
2009-07-20 00:44 . 2009-07-20 00:44 -------- d-----w- c:\program files\GRETECH
2009-07-19 22:02 . 2009-07-19 22:02 -------- d-----w- c:\program files\MSBuild
2009-07-19 22:02 . 2009-07-19 22:02 83160 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-19 21:59 . 2009-07-19 21:59 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-19 21:59 . 2009-07-19 21:59 -------- d-----w- c:\program files\Reference Assemblies
2009-07-19 21:58 . 2006-06-29 10:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-07-19 21:40 . 2009-07-19 21:40 -------- d-----w- c:\documents and settings\user\.javaws
2009-07-19 21:40 . 2009-07-19 21:40 -------- d-----w- c:\program files\Java Web Start
2009-07-19 21:39 . 2009-07-23 14:49 -------- d-----w- c:\program files\Java
2009-07-19 21:35 . 2008-07-10 10:56 107864 ----a-w- c:\windows\system32\tsccvid.dll
2009-07-19 21:35 . 2009-07-19 21:35 -------- d-----w- c:\windows\system32\QuickTime
2009-07-19 21:35 . 2009-07-19 21:35 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-07-19 21:34 . 2009-07-19 21:34 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2009-07-19 21:34 . 2009-07-19 21:34 -------- d-----w- c:\program files\TechSmith
2009-07-19 19:54 . 2008-10-16 11:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-19 19:54 . 2008-10-16 11:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-07-19 19:22 . 2009-07-19 19:22 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PCHealth
2009-07-19 18:35 . 2009-07-25 16:52 -------- d-----w- c:\documents and settings\user\Contacts
2009-07-19 18:21 . 2009-07-19 18:23 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2009-07-19 18:21 . 2009-07-19 18:34 -------- d-----w- c:\program files\Windows Live
2009-07-19 18:20 . 2009-07-19 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-07-19 18:17 . 2009-07-19 20:06 -------- d--h--w- c:\windows\$hf_mig$
2009-07-19 17:52 . 2008-10-16 11:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-07-19 17:49 . 2009-07-26 23:12 34232 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-19 17:28 . 2009-07-30 11:18 -------- d-----w- c:\documents and settings\user\Application Data\DMCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-31 21:22 . 2009-07-19 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-31 21:22 . 2009-07-19 13:57 385056 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-31 21:22 . 2009-07-19 13:57 3444 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-31 21:20 . 2009-07-19 13:57 1885216 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-31 21:20 . 2009-07-19 13:57 17904 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-31 17:16 . 2001-09-19 12:00 66700 ----a-w- c:\windows\system32\perfc001.dat
2009-07-31 17:16 . 2001-09-19 12:00 362094 ----a-w- c:\windows\system32\perfh001.dat
2009-07-28 08:33 . 2009-07-28 08:33 90112 ----a-w- c:\windows\system32\agsaami.dll
2009-07-28 08:33 . 2009-07-28 08:33 610304 ----a-w- c:\windows\system32\agsaamg.dll
2009-07-28 08:33 . 2009-07-28 08:33 372736 ----a-w- c:\windows\system32\agsaamc.dll
2009-07-28 08:33 . 2009-07-28 08:33 2535424 ----a-w- c:\windows\system32\agsaamj.dll
2009-07-28 08:33 . 2009-07-28 08:33 1986560 ----a-w- c:\windows\system32\akll.dll
2009-07-28 08:33 . 2009-07-28 08:33 196608 ----a-w- c:\windows\system32\maag.dll
2009-07-28 08:33 . 2009-07-28 08:33 1245184 ----a-w- c:\windows\system32\bkll.dll
2009-07-28 08:33 . 2009-07-28 08:33 1212416 ----a-w- c:\windows\system32\ckll.dll
2009-07-28 08:33 . 2009-07-28 08:33 -------- d-----w- c:\program files\Real_SC
2009-07-22 11:43 . 2009-07-19 15:22 208616 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-07-22 11:40 . 2009-07-19 12:48 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-21 14:57 . 2009-07-19 15:14 -------- d-----w- c:\program files\NOS
2009-07-21 14:57 . 2009-07-19 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-19 15:23 . 2008-01-29 14:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-07-19 15:23 . 2009-07-19 13:58 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-19 15:23 . 2009-07-19 13:58 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-19 15:22 . 2009-07-19 15:22 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-07-19 15:22 . 2009-07-19 15:22 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-07-19 15:14 . 2009-07-19 15:14 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-07-19 14:49 . 2009-07-19 14:49 -------- d-----w- c:\documents and settings\user\Application Data\Avant Profiles
2009-07-19 13:57 . 2009-07-19 13:57 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-19 13:56 . 2009-07-19 13:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-19 13:33 . 2009-07-19 13:33 -------- d-----w- c:\program files\Launch Manager
2009-07-19 13:31 . 2009-07-19 13:31 -------- d-----w- c:\program files\WIDCOMM
2009-07-19 13:28 . 2009-07-19 13:28 -------- d-----w- c:\program files\Synaptics
2009-07-19 13:28 . 2009-07-19 13:04 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-19 13:26 . 2009-07-19 13:26 -------- d-----w- c:\program files\Atheros
2009-07-19 13:26 . 2009-07-19 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros
2009-07-19 13:25 . 2009-07-19 13:25 -------- d-----w- c:\program files\Broadcom
2009-07-19 13:25 . 2009-07-19 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Broadcom
2009-07-19 13:25 . 2009-07-19 13:25 -------- d-----w- c:\documents and settings\user\Application Data\InstallShield
2009-07-19 13:24 . 2009-07-19 13:24 -------- d-----w- c:\program files\Marvell
2009-07-19 13:04 . 2009-07-19 13:04 -------- d-----w- c:\program files\Realtek
2009-07-19 13:04 . 2009-07-19 13:04 315392 ----a-w- c:\windows\HideWin.exe
2009-07-19 13:00 . 2009-07-19 13:00 -------- d-----w- c:\program files\Intel
2009-07-19 12:49 . 2009-07-19 12:49 -------- d-----w- c:\program files\microsoft frontpage
2009-07-19 12:45 . 2009-07-19 12:45 22144 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-18 53248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-17 141848]
"ACU"="c:\program files\Atheros\ACU.exe" [2008-04-09 450648]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1032192]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-09 805384]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-22 208616]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-20 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-23 148888]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-07 16862208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 م 33808]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [20/07/2009 04:02 م 604416]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 06:02 م 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 م 24592]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [19/07/2009 04:38 م 194304]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-07-31 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 12:37]
.
.
------- Supplementary Scan -------
.
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: تحميل الفيديو بواسطة Free Download Manager -
files\Free Download Manager\dlfvideo.htm
IE: تحميل الكل بواسطة Free Download Manager -
files\Free Download Manager\dlall.htm
IE: تحميل المحددة بواسطة Free Download Manager -
files\Free Download Manager\dlselected.htm
IE: تحميل بواسطة Free Download Manager -
files\Free Download Manager\dllink.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-08-01 00:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3d358ae1-cbd4-49cd-8fac-48cbfd42ed29}]
@Denied: (Full) (Everyone)
"Model"=dword:000000d2
"Therad"=dword:0000000c
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):6c,ea,67,74,16,6f,7d,bd,37,25,cb,c4,9b,20,88,26,b6,fa,32,92,5d,
3a,d3,5a,11,ec,01,46,e6,8f,65,38,ee,6a,fe,d1,35,58,25,2b,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2964)
c:\windows\system32\btmmhook.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\acs.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\windows\system32\igfxext.exe
c:\docume~1\user\LOCALS~1\temp\RtkBtMnt.exe
.
**************************************************************************
.
Completion time: 2009-07-31 0:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-31 21:24
Pre-Run: 73,299,988,480 bytes free
Post-Run: 73,690,193,920 bytes free
276
 
Is the slowness at boot or during use?
 
Let me explain, brother: I start the computer normally, and the Windows logo is normal, nothing wrong with it and no delay. But when the welcome screen comes and I enter the user's password, it displays "Loading your settings now" and it takes a very long time.
 
Select the following entries and delete them:

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKCU\..\Run: [AFProg] C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

How to delete:

[Screenshots: mg (3).png, mg (4).png]

Then

download this file and follow the instructions after running it:

[Link hidden: login or registration required to view it]

 