Posted by imn (thread starter):
Peace be upon you.

I have a problem with my PC that has worn me out, and I don't know what's causing it.

About half an hour after booting, my PC becomes sluggish and sometimes freezes... even my internet connection gets slow.

The problem only goes away after I restart the PC,

and then it comes back again.

Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:33 AM, on 01/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min/nosplash
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [General Removal] C:\\Program Files\\General Removal\\General_Removal.exe a2
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Download all with Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Download FLV video content with Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download the last 10 FLV files with Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL2.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

--
End of file - 7781 bytes
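A HijackThis log is a flat list of autorun and hook entries, and the real work is deciding which lines deserve a closer look. The following is an added example, not code from this thread or from HijackThis, that parses O4, O20 and O23 lines and applies a few heuristic checks: bare filenames that Windows resolves through the search path at logon, commands whose real payload is an argument to a host such as rundll32.exe, binaries under user-writable directories, Windows system-process names running from the wrong place, malformed doubled backslashes, and "(no file)" orphans. The sample input is constructed: most lines are copied from the log above, while the `[updater]` entry and the O20 line are invented so that the checks fire; the `HOSTS`, `SYSTEM_NAMES`, `TRUSTED_ROOTS` and `USER_WRITABLE` lists are assumptions.

```python
"""Heuristic triage of HijackThis O4 / O20 / O23 lines.

Added example, not HijackThis code. "review" means a human should check the
file's publisher and signature; "remove" means the entry is dead or clearly wrong.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the log above, plus two invented lines
# ([updater] and the O20 orphan) so that every check below is exercised.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min/nosplash
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [General Removal] C:\\Program Files\\General Removal\\General_Removal.exe a2
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Akki\Local Settings\Temp\svchost.exe
O20 - Winlogon Notify: WgaLogon - (no file)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
                   r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^)]+)\))? - "
                    r"(?P<company>.+?) - (?P<path>.+)$")
# First executable-looking token of a command, quoted or not.
EXE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|cpl|dll|scr|com|bat|cmd))(?=["\s,]|$)"?', re.IGNORECASE)

HOSTS = {"rundll32.exe", "regsvr32.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "explorer.exe"}
TRUSTED_ROOTS = ("c:\\windows", "c:\\program files")          # assumption: XP default layout
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")


@dataclass
class Finding:
    line: str
    severity: str  # "review" or "remove"
    reason: str


def split_command(cmd: str) -> tuple[str, str]:
    """Return (executable, arguments) for a Run-key command string."""
    m = EXE_RE.match(cmd)
    if not m:
        return cmd.strip(), ""
    return m.group("path"), cmd[m.end():].strip()


def check_o4(line: str, cmd: str) -> list[Finding]:
    if "(no file)" in cmd.lower():
        return [Finding(line, "remove", "autorun points at a file that no longer exists")]
    exe, args = split_command(cmd)
    norm = re.sub(r"\\{2,}", r"\\", exe.lower())   # collapse doubled backslashes for path tests
    base = norm.rsplit("\\", 1)[-1]
    out = []
    if "\\\\" in exe:
        out.append(Finding(line, "review", "doubled backslashes in the stored path (malformed value; confirm the target exists)"))
    if "\\" not in exe:
        out.append(Finding(line, "review", f"bare filename {exe!r}: resolved through the search path at logon, "
                                           "so a same-named file earlier on that path would run instead"))
    if base in HOSTS:
        out.append(Finding(line, "review", f"{base} is a trusted host process; the real payload is its argument: {args!r}"))
    if any(tag in norm for tag in USER_WRITABLE) or ("\\" in exe and not norm.startswith(TRUSTED_ROOTS)):
        out.append(Finding(line, "review", "executable lives outside Windows / Program Files (user-writable location)"))
    if base in SYSTEM_NAMES and not norm.startswith("c:\\windows"):
        out.append(Finding(line, "remove", f"{base} is a Windows system-process name but runs from the wrong directory"))
    return out


def check_o23(line: str, company: str, path: str) -> list[Finding]:
    out = []
    if company.strip().lower() in {"", "unknown owner"}:
        out.append(Finding(line, "review", "service has no publisher string"))
    if "(no file)" in path.lower():
        out.append(Finding(line, "remove", "service binary is missing"))
    elif not re.sub(r"\\{2,}", r"\\", path.lower()).startswith(TRUSTED_ROOTS):
        out.append(Finding(line, "review", "service binary outside Windows / Program Files"))
    return out


def triage(text: str) -> list[Finding]:
    """Run the checks over every recognised line of a HijackThis log."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := O4_RE.match(line):
            findings.extend(check_o4(line, m.group("cmd")))
        elif m := O20_RE.match(line):
            if "(no file)" in m.group("path").lower():
                findings.append(Finding(line, "remove", "Winlogon notify package whose DLL is gone (orphan)"))
        elif m := O23_RE.match(line):
            findings.extend(check_o23(line, m.group("company"), m.group("path")))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

Run as a script it prints the findings for the sample. Note that the bare-filename warning fires for legitimate vendor entries too (VTTimer.exe, rundll32.exe in this log), which is why it is a review item and not a verdict: the question it raises is which file on the search path actually runs, and that has to be answered on the machine.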

 

And peace be upon you.

Disable your security programs,
then
download the following tool and save it to your desktop:
[link hidden by the forum; you must log in or register to view it]

When you run it a message will appear; click Yes.
Then a second message will appear; click Yes.
During the scan the PC may restart,
and after the restart the tool will begin scanning again.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears, then copy it and paste it into your next post.

Signature: AbOdy
Thanks, brother, for your quick reply.

Here is the report:

ComboFix 09-07-29.04 - Akki 08/01/2009 4:13.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.958.444 [GMT 3:00]
Running from: c:\documents and settings\Akki\سطح المكتب\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-07-01 to 2009-08-01 )))))))))))))))))))))))))))))))
.

2009-10-27 04:54 . 2009-10-27 04:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-10-27 04:09 . 2009-10-27 04:09 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-10-27 04:08 . 2009-10-27 04:08 152576 ------w- c:\documents and settings\Akki\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-07-30 16:15 . 2009-07-30 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-07-21 23:22 . 2009-07-21 23:22 28592 ----a-w- c:\windows\system32\drivers\tap0901.sys
2009-07-21 10:50 . 2009-07-21 11:11 -------- d-----w- c:\documents and settings\Akki\Application Data\Motive
2009-07-21 10:50 . 2009-07-21 10:50 -------- d-----w- c:\program files\Fahess_Activation
2009-07-21 10:50 . 2009-07-27 23:03 -------- d-----w- c:\program files\Common Files\Motive
2009-07-21 10:50 . 2009-07-21 10:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-07-09 07:12 . 2009-07-06 19:44 103424 ----a-w- c:\documents and settings\Akki\Application Data\Mozilla\Firefox\Profiles\s96urfbu.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-07-09 07:12 . 2009-07-06 19:44 937984 ----a-w- c:\documents and settings\Akki\Application Data\Mozilla\Firefox\Profiles\s96urfbu.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-07-09 07:12 . 2009-07-06 19:44 65536 ----a-w- c:\documents and settings\Akki\Application Data\Mozilla\Firefox\Profiles\s96urfbu.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-07-09 07:12 . 2009-07-06 19:44 4722688 ----a-w- c:\documents and settings\Akki\Application Data\Mozilla\Firefox\Profiles\s96urfbu.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-07-09 07:12 . 2009-07-06 19:44 344064 ----a-w- c:\documents and settings\Akki\Application Data\Mozilla\Firefox\Profiles\s96urfbu.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-07-09 07:12 . 2009-07-06 19:44 106496 ----a-w- c:\documents and settings\Akki\Application Data\Mozilla\Firefox\Profiles\s96urfbu.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-07-03 05:48 . 2009-07-03 05:48 -------- d-----w- c:\documents and settings\Akki\Local Settings\Application Data\TVU Networks
2009-07-03 05:47 . 2009-07-03 05:47 -------- d-----w- c:\documents and settings\Akki\LocalLow
2009-07-02 21:40 . 2009-06-30 16:19 106496 ----a-w- c:\documents and settings\Akki\Application Data\Mozilla\Plugins\npcoolirisplugin.dll
2009-07-02 21:39 . 2009-06-30 16:19 65536 ----a-w- c:\documents and settings\Akki\Application Data\Mozilla\Firefox\Profiles\s96urfbu.default\extensions\piclens@cooliris.com-trash\components\coolirisstub.dll
2009-07-02 21:39 . 2009-06-30 16:19 4734976 ----a-w- c:\documents and settings\Akki\Application Data\Mozilla\Firefox\Profiles\s96urfbu.default\extensions\piclens@cooliris.com-trash\libs\cooliris19.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-27 04:55 . 2009-02-01 20:50 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-27 04:09 . 2009-02-01 20:53 -------- d-----w- c:\program files\Java
2009-08-01 01:16 . 2009-03-04 13:56 563720224 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-01 01:16 . 2009-02-01 20:58 -------- d-----w- c:\documents and settings\Akki\Application Data\DMCache
2009-08-01 00:28 . 2001-09-19 12:00 38844 ----a-w- c:\windows\system32\perfc001.dat
2009-08-01 00:28 . 2001-09-19 12:00 249166 ----a-w- c:\windows\system32\perfh001.dat
2009-08-01 00:23 . 2009-03-14 22:25 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-01 00:22 . 2009-03-04 13:56 6600344 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-31 19:07 . 2009-02-18 18:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-31 02:22 . 2007-10-23 15:42 117760 ----a-w- c:\documents and settings\Akki\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-28 14:29 . 2009-06-23 04:22 -------- d-----w- c:\documents and settings\Akki\Application Data\uTorrent
2009-07-27 23:46 . 2009-02-01 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-23 14:36 . 2009-02-01 16:32 99888 ----a-w- c:\documents and settings\Akki\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-12 13:14 . 2009-06-12 05:27 -------- d-----w- c:\program files\Common Files\Filseclab
2009-07-06 04:04 . 2009-02-01 20:50 -------- d-----w- c:\program files\Google
2009-07-01 21:31 . 2009-02-01 20:47 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-26 16:49 . 2004-08-03 21:55 665088 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:49 . 2004-08-03 21:55 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-26 11:42 . 2009-06-26 11:42 0 ----a-w- c:\windows\system32\cd.dat
2009-06-23 04:22 . 2009-06-23 04:22 -------- d-----w- c:\program files\uTorrent
2009-06-20 21:00 . 2009-06-20 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SRSLabs
2009-06-20 20:59 . 2009-06-20 20:59 -------- d-----w- c:\program files\Common Files\SRS
2009-06-20 20:59 . 2009-06-20 20:59 -------- d-----w- c:\program files\SRSLabs
2009-06-20 18:13 . 2009-06-20 18:13 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-20 18:13 . 2009-02-01 20:56 -------- d-----w- c:\program files\Common Files\Real
2009-06-16 14:36 . 2004-08-03 21:55 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2001-09-19 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 00:05 . 2009-06-15 23:28 -------- d-----w- c:\program files\File Recover
2009-06-12 05:27 . 2009-02-01 20:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-11 23:21 . 2009-06-11 23:21 -------- d-----w- c:\documents and settings\Akki\Application Data\Avira
2009-06-11 23:07 . 2009-06-11 23:07 -------- d-----w- c:\program files\Avira
2009-06-11 23:07 . 2009-03-02 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-07 18:13 . 2009-03-04 14:34 -------- d-----w- c:\documents and settings\Akki\Application Data\cleaner
2009-06-06 17:46 . 2009-06-06 17:45 -------- d-----w- c:\program files\MessengerPlus! 3
2009-06-06 14:07 . 2009-06-06 14:06 -------- d-----w- c:\program files\Windows Live
2009-06-06 14:07 . 2009-06-06 14:07 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-06-06 14:06 . 2009-06-06 14:06 -------- d-----w- c:\program files\Microsoft
2009-06-06 14:06 . 2009-06-06 14:06 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-05 20:30 . 2009-06-05 20:30 -------- d-----w- c:\program files\Trend Micro
2009-06-04 23:26 . 2009-02-08 16:25 -------- d-----w- c:\documents and settings\Akki\Application Data\IDM
2009-06-03 19:10 . 2004-08-03 21:55 1289216 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 21:48 . 2009-06-02 21:41 -------- d-----w- c:\program files\Common Files\Stardock
2009-06-02 21:46 . 2009-06-02 21:46 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-06-01 21:39 . 2009-06-15 23:28 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-05-07 15:32 . 2004-08-03 21:55 345600 ----a-w- c:\windows\system32\localspl.dll
2009-07-24 10:57 . 2009-07-01 22:17 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-01 68856]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-02-23 2606512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2007-06-29 811008]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-27 148888]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2009-06-06 190024]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-20 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-09-21 53248]
"S3Trayp"="S3trayp.exe" - c:\windows\system32\S3Trayp.exe [2007-06-11 176128]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-06-06 544768]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12033:TCP"= 12033:TCP:BitComet 12033 TCP
"12033:UDP"= 12033:UDP:BitComet 12033 UDP

R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [01/02/2009 11:25 PM 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [01/02/2009 11:25 PM 52224]
R1 is-IOOANdrv;is-IOOANdrv;c:\windows\system32\drivers\47001531.sys [04/03/2009 04:56 PM 148496]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [12/06/2009 02:07 AM 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/06/2009 02:07 AM 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [12/06/2009 02:07 AM 434945]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [01/02/2009 11:27 PM 714240]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [07/06/2009 08:50 PM 194304]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [02/02/2009 12:31 AM 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [02/02/2009 12:31 AM 12672]
S3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\drivers\steth.sys [02/02/2009 12:31 AM 40320]
S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [22/07/2009 02:22 AM 28592]
S3 utezmjy2;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\utezmjy2.sys --> c:\windows\system32\Drivers\utezmjy2.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-07-31 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]

2009-08-01 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-General Removal - c:\\Program Files\\General Removal\\General_Removal.exe
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Download all with Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: Download FLV video content with Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download the last 10 FLV files with Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL2.htm
LSP: c:\windows\system32\idmmbc.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\Akki\Application Data\Mozilla\Firefox\Profiles\s96urfbu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?sourceid=navclient-ff
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\documents and settings\Akki\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\Akki\Application Data\Mozilla\Firefox\Profiles\s96urfbu.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\Akki\Application Data\Mozilla\Firefox\Profiles\s96urfbu.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Akki\Application Data\Mozilla\plugins\npcoolirisplugin.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[link hidden by the forum]

Rootkit scan 2009-08-01 04:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{10a57759-d1f6-45d3-92f5-48dd08c47084}]
@Denied: (Full) (Everyone)
"Model"=dword:000000cf
"Therad"=dword:0000001a
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,7d,ca,85,4d,6f,38,81,99,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):32,28,64,32,31,f6,47,de,d0,89,ca,5f,7f,5e,df,d4,e6,08,c9,b7,db,
45,9b,0c,42,a0,69,f9,54,be,74,97,af,19,e9,a8,a4,28,90,4b,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(556)
c:\windows\system32\idmmbc.dll
c:\program files\Avira\AntiVir Desktop\avsda.dll

- - - - - - - > 'explorer.exe'(2280)
c:\program files\MessengerPlus! 3\MsgPlusLoader.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-01 4:18
ComboFix-quarantined-files.txt 2009-08-01 01:18

Pre-Run: 15,642,517,504 bytes free
Post-Run: 15,622,168,576 bytes free

222 --- E O F --- 2009-08-01 00:01

 
Much appreciated, brother. A fresh one, please.
Signature: KoNaMi
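The ComboFix report above records more than infection traces. Its "Reg Loading Points" section shows the Windows Firewall switched off in the standard profile, Security Center update notifications suppressed, two BitComet ports open to any source, and a service entry (the AVZ kernel driver) whose file no longer exists; the header line reports on-access scanning disabled. The following is an added example, not ComboFix's own code, that reads those sections plus the `AV:` line and turns them into posture findings. The sample input is constructed from lines in the report (with the localized AM/PM markers dropped from the service timestamps); the check names and severity levels are assumptions.

```python
"""Host-posture checks over a ComboFix report.

Added example, not ComboFix code. Reads the 'AV:' header, the 'Reg Loading Points'
registry export and the R*/S* service list; rules and severities are assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix report posted above, with the
# localized AM/PM marker dropped from the service timestamps.
SAMPLE_COMBOFIX = r"""
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12033:TCP"= 12033:TCP:BitComet 12033 TCP
"12033:UDP"= 12033:UDP:BitComet 12033 UDP

R1 is-IOOANdrv;is-IOOANdrv;c:\windows\system32\drivers\47001531.sys [04/03/2009 04:56 148496]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/06/2009 02:07 108289]
S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [22/07/2009 02:22 28592]
S3 utezmjy2;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\utezmjy2.sys --> c:\windows\system32\Drivers\utezmjy2.sys [?]
"""

SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=\s*(?P<data>.*)$')
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<meta>[^\]]*)\]$")


@dataclass
class Finding:
    severity: str  # "high" | "medium" | "info"
    check: str
    detail: str


def value_number(data: str):
    """Parse registry data as ComboFix prints it: 'dword:00000001' or '0 (0x0)'."""
    data = data.strip()
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    head = data.split()[0] if data else ""
    return int(head) if head.isdigit() else None


def assess(report: str) -> list[Finding]:
    findings = []
    section = ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m.group("key").lower()
            continue
        if line.startswith("AV:") and "on-access scanning disabled" in line.lower():
            # Expected while ComboFix runs (it asks for AV to be off); confirm it was re-enabled afterwards.
            findings.append(Finding("high", "av_realtime_off", line[3:].split("{")[0].strip()))
            continue
        if m := SERVICE_RE.match(line):
            if m.group("meta").strip() == "?":  # ComboFix prints [?] when the binary is absent
                findings.append(Finding("medium", "driver_file_missing",
                                        f"{m.group('name')} ({m.group('display')}) -> {m.group('path')}"))
            elif m.group("start") in ("R0", "R1"):  # boot/system-start kernel drivers: verify vendor and signature
                findings.append(Finding("info", "boot_start_driver", f"{m.group('name')} -> {m.group('path')}"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group("name"), m.group("data")
        if section.endswith("security center") and name == "UpdatesDisableNotify" and value_number(data) == 1:
            findings.append(Finding("medium", "securitycenter_update_notify_off",
                                    "Security Center will not warn when Automatic Updates is off"))
        elif section.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and value_number(data) == 0:
            findings.append(Finding("high", "firewall_disabled", "Windows Firewall is off in the standard profile"))
        elif section.endswith("authorizedapplications\\list"):
            findings.append(Finding("info", "firewall_app_exception", name.replace("\\\\", "\\")))
        elif section.endswith("globallyopenports\\list"):
            findings.append(Finding("medium", "firewall_open_port", f"{name} inbound from any source ({data})"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in assess(SAMPLE_COMBOFIX):
        print(f"[{f.severity:6}] {f.check}: {f.detail}")
```

Two of these findings need context before acting on them: the helper's own instructions above say to disable the security programs before running the tool, so `av_realtime_off` is expected in a ComboFix report and the thing to verify is that scanning came back on afterwards; and the open-port and application exceptions are ordinary for a torrent client, so they are listed for review rather than as defects. `firewall_disabled` and the stale driver entry are the items worth fixing regardless.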
You're welcome, brother. Here you go:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35:04 AM, on 01/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum]
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min/nosplash
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Download all with Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Download FLV video content with Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download the last 10 FLV files with Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL2.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

--
End of file - 7946 bytes
 
Do the following, brother, and post a screenshot of it:

1) From Start

2) Run

3) Type MSCONFIG

4) OK

5) At the top, the Startup tab

[screenshot attachment: i17239_210630011241.png]
 
Signature: KoNaMi
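The five steps above open the Startup tab of msconfig, which lists the same Run-key entries that show up as O4 lines in the HijackThis log at the top of the thread (and services appear as O23 lines). As an added example, not code from this thread, from HijackThis or from ComboFix, here is a small Python parser that turns those lines into the same kind of table the Startup tab gives (value name, executable, arguments, registry location) and attaches a few review hints a helper would look at: an autostart that runs from a temp or profile folder, an unquoted command path containing spaces, or a service with no recorded vendor. The sample lines follow the format of the log posted above plus one made-up "updater" entry so the profile-folder hint actually fires; the regular expressions, the hint wording and the assumption that HijackThis prints "Unknown owner" for vendor-less services are my own, not an official grammar of the log.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: lines in the format of the HijackThis v2.0.2 log posted
# in this thread (O4 = autostart entries, O23 = services), plus one made-up
# "updater" O4 line added so that a review hint is triggered.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Administrator\Local Settings\Temp\updater.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command> (User '<name>')"  (user part optional)
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# "O23 - Service: <display name> (<short name>) - <vendor> - <path>"  (short name optional)
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<svc>[^)]+)\))? - (?P<vendor>.+?) - (?P<path>.+)$"
)
# Split a command into executable and arguments: either a quoted path, or an
# unquoted path read up to the first program-file extension followed by a space/end.
EXE_RE = re.compile(
    r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?\.(?:exe|scr|dll|com|bat|cmd|vbs)(?=\s|$)))(?P<args>.*)$',
    re.IGNORECASE,
)

# Folder fragments a normal user can write to; an autostart living there deserves a look.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\", "\\local settings\\")


@dataclass
class AutostartEntry:
    kind: str                      # "O4" (Run key) or "O23" (service)
    name: str                      # Run value name or service display name
    location: str                  # hive\..\key for O4, service short name for O23
    exe: str                       # executable path without arguments
    args: str
    quoted: bool                   # was the path quoted in the registry value
    user: Optional[str] = None     # only for HKUS entries
    vendor: Optional[str] = None   # only for services
    flags: List[str] = field(default_factory=list)  # review hints, not verdicts


def split_command(cmd: str) -> Tuple[str, str, bool]:
    m = EXE_RE.match(cmd.strip())
    if not m:
        return cmd.strip(), "", False
    if m.group("quoted") is not None:
        return m.group("quoted"), m.group("args").strip(), True
    return m.group("bare"), m.group("args").strip(), False


def triage(e: AutostartEntry) -> AutostartEntry:
    low = e.exe.lower()
    if any(frag in low for frag in USER_WRITABLE):
        e.flags.append("runs from a user-writable profile/temp location")
    # HijackThis prints O4 values as stored, so missing quotes are real; service
    # paths are printed without quotes regardless, so the check is O4-only.
    if e.kind == "O4" and " " in e.exe and not e.quoted:
        e.flags.append("unquoted path with spaces")
    # Assumption: HijackThis shows "Unknown owner" when no vendor is recorded.
    if e.kind == "O23" and e.vendor in (None, "", "Unknown owner"):
        e.flags.append("service has no vendor")
    return e


def parse_hijackthis(text: str) -> List[AutostartEntry]:
    entries: List[AutostartEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            exe, args, quoted = split_command(m.group("cmd"))
            loc = m.group("hive") + "\\..\\" + m.group("key")
            entries.append(triage(AutostartEntry("O4", m.group("name"), loc, exe, args, quoted, user=m.group("user"))))
            continue
        m = O23_RE.match(line)
        if m:
            exe, args, quoted = split_command(m.group("path"))
            entries.append(triage(AutostartEntry("O23", m.group("display"), m.group("svc") or "",
                                                 exe, args, quoted, vendor=m.group("vendor"))))
    return entries


def startup_tab(entries: List[AutostartEntry]) -> List[Tuple[str, str, str]]:
    """Rows comparable to msconfig's Startup tab: (name, command, location)."""
    return [(e.name, (e.exe + " " + e.args).strip(), e.location) for e in entries if e.kind == "O4"]


def flagged(entries: List[AutostartEntry]) -> List[AutostartEntry]:
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in parse_hijackthis(SAMPLE_LOG):
        mark = ("  <-- " + "; ".join(e.flags)) if e.flags else ""
        print(f"{e.kind} {e.name!r:32} {e.exe}{mark}")
```

Run as-is it prints the eight entries; the IDMan line is marked for its unquoted path and the constructed updater line for living in a Temp folder. A hint only says "look here first": IDMan is a legitimate download manager, as the rest of the log confirms, so the flags are a reading order for a helper, not a cleanup list.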
By God, brother, I was afraid you would say that,

because I don't know how to take a screenshot.

 
Please, brothers, look at my problem.
 
Here is a proper report:


ComboFix 09-08-01.02 - Administrator 08/02/2009 3:19.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.20.1025.18.503.333 [GMT 3:00]
Running from: c:\documents and settings\Administrator\سطح المكتب\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\artools.dll
c:\windows\system32\kakle.dll
c:\windows\system32\winitn.dll

.
((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))
.

2009-08-01 06:46 . 2009-08-01 06:46 -------- d-----w- c:\windows\system32\Alwatan_Clock dir
2009-08-01 06:46 . 2009-08-01 06:46 201728 ----a-w- c:\windows\system32\Alwatan_Clock.scr
2009-08-01 03:33 . 2009-08-01 03:33 8704 ----a-w- c:\windows\system32\SpOrder.dll
2009-08-01 01:49 . 2009-08-01 02:56 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-08-01 01:40 . 2008-06-14 17:59 271616 ------w- c:\windows\system32\drivers\bthport.sys
2009-08-01 01:24 . 2009-08-01 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-08-01 01:18 . 2009-08-01 01:18 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-08-01 01:18 . 2009-04-27 11:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-08-01 01:18 . 2009-08-01 01:18 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-08-01 01:18 . 2009-08-01 01:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software
2009-08-01 01:17 . 2009-08-01 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-08-01 01:17 . 2009-08-01 01:18 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-08-01 01:17 . 2009-08-01 01:17 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-08-01 01:14 . 2002-01-05 09:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-08-01 01:14 . 1998-12-24 18:23 40960 ----a-w- c:\windows\system32\VBAME.DLL
2009-08-01 01:14 . 2002-01-05 03:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-08-01 01:14 . 2009-08-01 01:15 237568 ----a-w- c:\windows\system32\lame_enc.dll
2009-08-01 01:14 . 2002-01-05 04:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-08-01 01:14 . 2009-08-01 01:14 -------- d-----w- c:\windows\system32\RMBin
2009-08-01 01:14 . 2009-08-01 01:15 -------- d-----w- c:\program files\Real_SC
2009-08-01 01:14 . 2009-08-01 01:14 -------- d-----w- c:\program files\GoldWave
2009-08-01 01:13 . 2009-08-01 02:30 -------- d-----w- c:\program files\iVocalize Web Conference 4
2009-08-01 01:12 . 2009-08-01 01:12 198064 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-08-01 01:11 . 2009-08-01 01:11 -------- d-----w- c:\program files\VS Revo Group
2009-08-01 01:11 . 2009-08-01 01:12 2927168 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\idmupdt.exe
2009-08-01 01:08 . 2009-08-01 01:09 116144 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\idmmzcc02\components\idmmzcc.dll
2009-08-01 01:08 . 2009-08-02 00:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\DMCache
2009-08-01 01:08 . 2009-08-01 04:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\IDM
2009-08-01 01:08 . 2009-08-01 01:23 -------- d-----w- c:\program files\Internet Download Manager
2009-08-01 01:05 . 2009-08-01 01:05 -------- d-----w- c:\program files\Circle Developemnt
2009-08-01 01:05 . 2009-08-01 01:05 -------- d-----w- c:\program files\Messenger Plus! Live
2009-08-01 01:00 . 2009-08-02 00:26 -------- d-----w- c:\documents and settings\Administrator\Tracing
2009-08-01 00:52 . 2009-08-01 00:52 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-08-01 00:50 . 2006-11-29 10:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-08-01 00:50 . 2009-08-01 00:50 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-08-01 00:48 . 2009-08-01 00:48 -------- d-----w- c:\program files\Microsoft
2009-08-01 00:48 . 2009-08-01 00:48 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-01 00:47 . 2009-08-01 01:00 -------- d-----w- c:\program files\Windows Live
2009-08-01 00:17 . 2009-08-01 00:17 -------- d-----w- c:\program files\Common Files\xing shared
2009-08-01 00:16 . 2009-08-01 00:16 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-08-01 00:16 . 2009-08-01 00:16 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-01 00:16 . 2009-08-01 00:17 -------- d-----w- c:\program files\Common Files\Real
2009-08-01 00:16 . 2009-08-01 00:16 -------- d-----w- c:\program files\Real
2009-08-01 00:14 . 2009-08-01 00:14 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-01 00:14 . 2009-08-01 01:00 12328 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-01 00:13 . 2009-08-01 00:13 -------- d-----w- c:\windows\VistaDrive
2009-07-31 23:41 . 2009-07-31 23:41 0 ----a-w- c:\windows\nsreg.dat
2009-07-31 23:41 . 2009-07-31 23:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-07-31 21:18 . 2009-07-31 21:18 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-07-31 21:18 . 2009-07-31 21:18 208616 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-07-31 21:18 . 2009-07-31 21:18 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-07-31 20:59 . 2009-07-31 21:18 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-31 20:59 . 2009-07-31 21:18 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-31 20:58 . 2009-08-02 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-31 20:58 . 2009-08-02 00:24 278560 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-31 20:58 . 2009-08-02 00:24 1365536 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-31 20:58 . 2009-07-31 20:58 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-31 20:57 . 2009-07-31 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-31 18:49 . 2009-07-31 18:49 -------- d-s---w- c:\documents and settings\Administrator\UserData
2009-07-31 18:48 . 2004-06-06 03:40 159744 ----a-r- c:\windows\system32\igfxres.dll
2009-07-31 18:48 . 2009-07-31 18:48 -------- d-s---w- c:\windows\system32\Microsoft
2009-07-31 18:41 . 2006-07-01 12:46 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-07-31 18:40 . 2009-07-31 18:48 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft
2009-07-31 18:40 . 2009-07-31 18:40 -------- d-sh--w- c:\documents and settings\LocalService
2009-07-31 14:08 . 2006-01-27 23:00 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2009-07-31 14:07 . 2006-07-01 15:46 57216 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-07-31 14:06 . 2006-07-01 15:46 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2009-07-31 14:06 . 2006-07-01 15:46 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2009-07-31 14:06 . 2006-07-01 15:46 73728 ----a-w- c:\windows\system32\usbui.dll
2009-07-31 14:03 . 2009-08-02 00:19 -------- d-----w- c:\windows\system32\CatRoot2
2009-07-31 14:03 . 2009-08-01 06:47 -------- d-----w- c:\windows\system32\CatRoot
2009-07-31 14:03 . 2009-07-31 18:40 -------- d-----w- C:\Documents and Settings
2009-07-31 14:03 . 2009-07-31 11:20 -------- d--h--w- c:\documents and settings\Default User
2009-07-31 14:03 . 2009-07-31 11:14 -------- d-----w- c:\documents and settings\All Users

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 00:24 . 2009-07-31 20:58 5176 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-08-02 00:24 . 2009-07-31 20:58 14892 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-01 22:05 . 2009-07-31 11:15 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-01 06:49 . 2001-09-19 18:00 58586 ----a-w- c:\windows\system32\perfc001.dat
2009-08-01 06:49 . 2001-09-19 18:00 328222 ----a-w- c:\windows\system32\perfh001.dat
2009-07-31 21:18 . 2008-01-29 14:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-07-31 18:36 . 2009-07-31 18:36 -------- d-----w- c:\program files\microsoft frontpage
2009-07-31 11:12 . 2009-07-31 11:12 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-26 16:00 . 2006-09-12 05:53 666624 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:00 . 2004-08-04 03:55 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 12:18 . 2009-06-25 12:18 982528 ----a-w- c:\windows\inf\syssbck.dll
2009-06-16 14:44 . 2006-07-01 12:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:44 . 2006-07-01 12:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:23 . 2006-07-01 12:48 1289216 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:42 . 2004-08-04 03:55 344064 ----a-w- c:\windows\system32\localspl.dll
2008-09-25 12:30 . 2009-07-31 23:41 134656 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

------- Sigcheck -------

[-] 2006-09-12 05:12 1616384 810316E2E8D32075C8B984320A6011CF c:\windows\explorer.exe
[-] 2008-04-14 15:59 1031168 CA3445DCE9EB70A2CA2504E0AF5C543F c:\windows\SoftwareDistribution\Download\7ddc38335814ac754f158e6c7fa2b6cb\explorer.exe


[-] 2008-04-14 15:59 1571328 6B8B7B206FA0C50B4CF99EEE2AC14BC7 c:\windows\SoftwareDistribution\Download\7ddc38335814ac754f158e6c7fa2b6cb\sfcfiles.dll
[-] 2006-07-01 12:59 1547776 5839C7D4FA3AE3ACEB7422829B010900 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-06 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-06-06 118784]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-07-31 208616]
"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-05 280779]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-01 198160]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-04-23 54784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
"MPlayer2_FixUp"="c:\windows\inf\unregmp2.exe" [2006-05-09 180736]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 م 33808]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [8/1/2009 4:18 ص 604416]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 م 24592]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-08-02 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 12:37]
.
.
------- Supplementary Scan -------
.
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ahgxslvc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/intl/ar/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-08-02 03:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2692)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2009-08-02 3:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-02 00:30

Pre-Run: 34,494,300,160 bytes free
Post-Run: 34,391,011,328 bytes free

199 --- E O F --- 2009-08-01 05:27
 
I don't understand you, brother... you mean the report shows my computer has a problem?

Please clarify.
 
The HijackThis report... excellent,
 