محتارين (new Zyzoom member, joined 31 July 2009)
The problem with my computer is that it is slow, every program hangs, and I feel that it has been hacked.

Here are some reports that show the state of my computer.

I hope you can find me a solution; may God reward you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:40, on 31/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Cashfiesta.lnk = C:\Program Files\Cashfiesta\FiestaBar\Cashfiesta.exe
O4 - Startup: lecsys32.exe
O4 - Startup: necsys32.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Update Service (gupdate1c9da5e28922b3e) (gupdate1c9da5e28922b3e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 4602 bytes







The second report:


SmitFraudFix v2.423
Scan done at 10:38:23.87, Fri 07/31/2009
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
Problem while deleting C:\Program Files\Google\googletoolbar1.dll
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek Rtl-8139d PCI Fast Ethernet Adapter #2 - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{ECE00B14-B07B-4199-BD32-94EE4A359A46}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{ECE00B14-B07B-4199-BD32-94EE4A359A46}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{ECE00B14-B07B-4199-BD32-94EE4A359A46}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK.2

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Reboot
C:\Program Files\Google\googletoolbar1.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» End
 

Hello,

Download the McAfee tool:

(link hidden; forum login required to view)

Run a scan of the computer and attach the report; you will find the report on the C: drive under the name noor_mcaffe.

Good luck.
 
Signature: FireFox
OK, I have an antivirus program called Avira AntiVir. Is it fine to download McAfee alongside it?
 

No problem, download it. The tool runs its scan from a DOS environment.
 
Signature: FireFox

Here is the McAfee report:

Virus Scan Report File

Virus Scan Information

McAfee VirusScan for Win32 v5.30.0
Copyright (c) 1992-2008 McAfee, Inc. All rights reserved.
(408) 988-3832
LICENSED COPY - Jun 16 2008
Scan engine v5.3.00 for Win32.
Virus data file v5688 created Jul 25 2009
Scanning for 540433 viruses, trojans and variants.

Virus Scan Results

07/31/2009 13:06:47
Options: /ADL /WINMEM /CLEAN /APPEND /HTML C:\NOOR_MCAFEE.HTM

Scanning C: []
Scanning C:\*.*
C:\Program Files\Ozone\Audio Converter\opt.exe ... Found the W32/Sdbot.worm virus !!! The file or process has been deleted.
C:\Program Files\SpeederXP\cooper.dll ... Found the Generic.dx trojan !!! The file or process has been deleted.

Summary report on C:\*.*
File(s)
    Total files: ........... 34146
    Clean: ................. 34117
    Not scanned: ........... 0
    Possibly Infected: ..... 2
    Cleaned: ............... 0
    Deleted: ............... 2
Non-critical Error(s): 1
Master Boot Record(s): ......... 1
    Possibly Infected: ..... 0
Boot Sector(s): ................ 1
    Possibly Infected: ..... 0

Scanning D: [القرص]
Scanning D:\*.*
Summary report on D:\*.*
File(s)
    Total files: ........... 32304
    Clean: ................. 32304
    Not scanned: ........... 0
    Possibly Infected: ..... 0
    Cleaned: ............... 0
Master Boot Record(s): ......... 1
    Possibly Infected: ..... 0
Boot Sector(s): ................ 1
    Possibly Infected: ..... 0

Scanning E: []
Scanning E:\*.*
Summary report on E:\*.*
File(s)
    Total files: ........... 24078
    Clean: ................. 24078
    Not scanned: ........... 0
    Possibly Infected: ..... 0
    Cleaned: ............... 0
Master Boot Record(s): ......... 1
    Possibly Infected: ..... 0
Boot Sector(s): ................ 1
    Possibly Infected: ..... 0

Scanning F: []
Scanning F:\*.*
Summary report on F:\*.*
File(s)
    Total files: ........... 11452
    Clean: ................. 11452
    Not scanned: ........... 0
    Possibly Infected: ..... 0
    Cleaned: ............... 0
Master Boot Record(s): ......... 1
    Possibly Infected: ..... 0
Boot Sector(s): ................ 1
    Possibly Infected: ..... 0

Time: 00:46.57

Awaiting your reply.
 
Signature: AbOdy
Disable your security software,
then
download the following tool and save it to the desktop:
(link hidden; forum login required to view)

When you run it a message will appear; click Yes.
Then a second message will appear; click Yes.
The computer may restart during the scan.
After the restart the tool will start scanning again.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears; copy it and paste it in your next post.
 
Signature: AbOdy

How do I disable the security program?
 
Signature: FireFox

[image: i23125_shadyy1.gif]
 
Signature: AbOdy
ComboFix 09-07-29.04 - Administrator 07/31/2009 15:32.1.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.511.292 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Application Data\wiaserva.log
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\MabryObj.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\winio.vxd
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
.
2009-07-31 12:29 . 2009-07-31 12:29 388608 ----a-w- c:\windows\system32\CF20516.exe
2009-07-31 08:08 . 2009-07-31 08:08 -------- d-----w- c:\program files\Trend Micro
2009-07-31 06:09 . 2009-07-31 06:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2009-07-13 23:33 . 2009-07-13 23:33 -------- d-----w- c:\program files\Circle Developemet
2009-07-13 23:00 . 2009-07-13 23:01 -------- d-----w- c:\program files\Muslim Bag
2009-07-13 23:00 . 2009-07-13 23:00 -------- d-----w- c:\windows\Muslim Bag
2009-07-10 08:28 . 2000-01-28 12:16 5337088 ------w- c:\windows\system32\crpe32.dll
2009-07-10 08:26 . 2009-07-10 08:26 -------- d-----w- C:\Primer
2009-07-08 19:01 . 2009-07-08 19:01 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-08 19:01 . 2009-07-08 21:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2009-07-02 12:43 . 2009-07-10 08:29 -------- d-----w- C:\temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-31 10:20 . 2009-05-02 17:15 -------- d-----w- c:\program files\SpeederXP
2009-07-31 09:54 . 2009-05-02 15:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Orbit
2009-07-31 07:54 . 2009-01-05 23:36 -------- d-----w- c:\program files\Google
2009-07-31 07:35 . 2009-03-24 09:09 -------- d-----w- c:\program files\GameHouse
2009-07-31 07:17 . 2009-05-02 15:29 -------- d-----w- c:\program files\Orbitdownloader
2009-07-31 05:58 . 2009-06-20 19:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Cashfiesta
2009-07-13 23:33 . 2009-03-24 10:00 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-08 22:52 . 2009-06-14 19:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2009-07-03 11:16 . 2009-07-03 11:16 512 ----atw- c:\windows\~DF10F8.tmp
2009-06-29 00:11 . 2009-01-06 03:13 -------- d-----w- c:\program files\NCC Education
2009-06-24 21:26 . 2009-06-20 19:17 -------- d-----w- c:\program files\Cashfiesta
2009-06-14 19:46 . 2009-06-14 19:46 -------- d-----r- c:\program files\Skype
2009-06-14 19:46 . 2009-06-14 19:46 -------- d-----w- c:\program files\Common Files\Skype
2009-06-14 19:46 . 2009-06-14 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-13 04:56 . 2009-06-13 04:56 390664 ----a-w- c:\documents and settings\Administrator\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-04 19:08 . 2009-06-04 19:08 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-02 14:21 . 2009-03-24 10:09 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
------- Sigcheck -------
[-] 2004-08-03 21:56 611328 B4CFC3F6FD3C9373F39D30E4275E2865 c:\windows\system32\comctl32.dll
[7] 2004-08-03 21:56 611328 A77DFB85FAEE49D66C74DA6024EBC69B c:\windows\system32\dllcache\comctl32.dll
[7] 2001-08-23 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2004-08-03 21:57 1050624 5AF68A5E44734A082442668E9C787743 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-30 198160]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 158208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Cashfiesta.lnk - c:\program files\Cashfiesta\FiestaBar\Cashfiesta.exe [2009-5-18 822272]
lecsys32.exe [2004-8-4 16896]
necsys32.exe [2004-8-4 22016]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-5-2 1719496]
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^lecsys32.exe]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\lecsys32.exe
backup=c:\windows\pss\lecsys32.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^necsys32.exe]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\necsys32.exe
backup=c:\windows\pss\necsys32.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 slnt;Realtek Rtl-8139d PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [01/01/2001 01:29 ص 18004]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [01/01/2001 01:01 ص 13696]
S2 gupdate1c9da5e28922b3e;Google Update Service (gupdate1c9da5e28922b3e);c:\program files\Google\Update\GoogleUpdate.exe [22/05/2009 12:50 ص 133104]
S2 TTDec;ATI WDM Teletext Decoder (Microsoft);c:\windows\system32\drivers\ati1ttxx.sys [03/04/2009 06:12 م 21343]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ATITUNEP
*NewlyCreated* - ATIXSAUDIO
*NewlyCreated* - MVDCODEC
*NewlyCreated* - TTDEC
.
Contents of the 'Scheduled Tasks' folder
2009-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-21 21:50]
2009-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-21 21:50]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
DPF: Microsoft XML Parser for Java - (link hidden; forum login required to view)

.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
(link hidden; forum login required to view)

Rootkit scan 2009-07-31 15:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-07-31 15:38
ComboFix-quarantined-files.txt 2009-07-31 12:38
Pre-Run: 2,106,867,712 bytes free
Post-Run: 2,135,080,960 bytes free
147
 
A new HijackThis report,
 
Signature: Future Tank X-1

Note:

I tried running the tool several times and it told me the installation had failed; then suddenly it ran. After the txt appeared, the computer froze or crashed, so I reset it, and a window came up saying that the tool is missing..!

Anyway, I copied what was in the txt and posted it here. Awaiting your reply.
 
Here is the new report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:47:52, on 31/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Cashfiesta.lnk = C:\Program Files\Cashfiesta\FiestaBar\Cashfiesta.exe
O4 - Startup: lecsys32.exe
O4 - Startup: necsys32.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Update Service (gupdate1c9da5e28922b3e) (gupdate1c9da5e28922b3e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PEVSystemStart - Unknown owner - cmd /k start /i "/dC:" "C:\ComboFix\HIDEC.exe" "C:\WINDOWS\system32\CF20882.exe" /c RD /S/Q \$RECYCLE.bin \RECYCLER \RECYCLED (file missing)
--
End of file - 4902 bytes
 
O4 - Startup: lecsys32.exe
O4 - Startup: necsys32.exe

These two are in Windows startup.
 
Awaiting your reply, with thanks.
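The items a helper reads out of these logs by eye are all visible above: the two bare executables in the Startup folder that the poster points at, the `(file missing)` orphans in the BHO and toolbar entries, the `AntiVirusOverride` and `EnableFirewall` values in the ComboFix "Reg Loading Points" block, and the Sigcheck line marked `[-]` whose MD5 differs from the dllcache copy listed under it. As an added example (not part of this thread and not HijackThis or ComboFix code), here is a small Python triage script that pulls those indicators out of pasted log text. The sample lines are copied from the logs posted in this thread; the function names, the heuristics and the severity labels are this example's own assumptions about what deserves a second look, not verdicts on this machine.

```python
"""Triage helpers for HijackThis / ComboFix text logs (added example, not tool code)."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis and ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Startup: Cashfiesta.lnk = C:\Program Files\Cashfiesta\FiestaBar\Cashfiesta.exe
O4 - Startup: lecsys32.exe
O4 - Startup: necsys32.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: PEVSystemStart - Unknown owner - cmd /k start /i "/dC:" "C:\ComboFix\HIDEC.exe" "C:\WINDOWS\system32\CF20882.exe" /c RD /S/Q \$RECYCLE.bin \RECYCLER \RECYCLED (file missing)
"AntiVirusOverride"=dword:00000001
"EnableFirewall"= 0 (0x0)
[-] 2004-08-03 21:56 611328 B4CFC3F6FD3C9373F39D30E4275E2865 c:\windows\system32\comctl32.dll
[7] 2004-08-03 21:56 611328 A77DFB85FAEE49D66C74DA6024EBC69B c:\windows\system32\dllcache\comctl32.dll
"""

STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<item>.+)$")
# ComboFix Sigcheck line: [tag] date time size MD5 path
SIGCHECK_RE = re.compile(r"^\[(?P<tag>[^\]]+)\] \S+ \S+ \d+ (?P<md5>[0-9A-Fa-f]{32}) (?P<path>.+)$")


def triage_line(line):
    """Return (severity, reason) for one log line, or None if nothing stands out.

    The severities are this example's own assumptions: they order what to look at
    first; they are not verdicts that an entry is malicious.
    """
    line = line.strip()
    m = STARTUP_RE.match(line)
    if m:
        item = m.group("item")
        # A normal Startup entry is a shortcut ("x.lnk = full\path\x.exe"); a bare
        # executable dropped straight into the folder has neither shortcut nor path.
        if "=" not in item and item.lower().endswith(".exe"):
            return "high", f"bare executable in Startup folder: {item}"
        return None
    if line.startswith("O23 - Service:") and "Unknown owner" in line:
        return "medium", "service without a publisher: check the image path"
    if "(file missing)" in line:
        return "low", "registration points at a file that no longer exists (orphan or half-removed component)"
    if re.search(r'"AntiVirusOverride"=dword:0*1$', line):
        return "medium", "Security Center told not to monitor antivirus status; find out which product set it"
    if re.search(r'"EnableFirewall"=\s*0\b', line):
        return "medium", "Windows Firewall disabled in the standard profile"
    m = SIGCHECK_RE.match(line)
    if m and m.group("tag") == "-":
        return "high", f"Sigcheck did not recognise the hash of {m.group('path')}"
    return None


def triage(log):
    """Run triage_line over every line; return [(severity, reason, line), ...] in log order."""
    findings = []
    for raw in log.splitlines():
        hit = triage_line(raw)
        if hit:
            findings.append((hit[0], hit[1], raw.strip()))
    return findings


def sigcheck_mismatches(log):
    """Compare the Sigcheck copies of each file name by MD5.

    Returns {basename: {path: md5}} for names whose copies carry different hashes.
    WinSxS copies are skipped because side-by-side versions of a DLL legitimately differ.
    """
    copies = defaultdict(dict)
    for raw in log.splitlines():
        m = SIGCHECK_RE.match(raw.strip())
        if not m or "\\winsxs\\" in m.group("path").lower():
            continue
        path = m.group("path").strip()
        copies[path.rsplit("\\", 1)[-1].lower()][path] = m.group("md5").upper()
    return {name: paths for name, paths in copies.items() if len(set(paths.values())) > 1}


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
    for name, paths in sigcheck_mismatches(SAMPLE_LOG).items():
        print(f"hash mismatch for {name}:")
        for path, md5 in paths.items():
            print(f"         {md5} {path}")
```

On the sample the two `high` Startup hits are lecsys32.exe and necsys32.exe, the service hit is PEVSystemStart (whose image path sits under C:\ComboFix, so it is the tool's own leftover rather than something to chase), and the Sigcheck comparison reports comctl32.dll because the system32 copy and the dllcache copy carry different MD5s. Paste a whole log into `SAMPLE_LOG` to run the same checks over it.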
 
Download the Kaspersky tool from the following link:

(link hidden; forum login required to view)

After downloading, double-click it; the tool's file will be extracted to a folder on the desktop, and after a few moments the tool will start.

Follow the walkthrough to scan and clean the computer and attach the report:

[five screenshots: zyzoom-7ce8879e89.png, zyzoom-cdd75c8aa3.png, zyzoom-89156f000e.png, zyzoom-6d533c4f2e.png, zyzoom-f20f3644d0.png]

Then compress the report and upload it here:
(link hidden; forum login required to view)

or upload it here:
(link hidden; forum login required to view)

or to any file-hosting site.
 
Signature: Future Tank X-1

So many tools; I now have five of them.
 
Signature: Future Tank X-1