حنيـــن

Peace be upon you,

I don't know what happened to the computer: it is slow, it freezes, it only shuts down with the power button, and it is not behaving normally :d:

Here are the reports, but for one of them I don't know whether I did it the right way or not :cr:


[hidden link]

 

Welcome.
Download the following file:

[hidden link]

and apply this guide to it:

[hidden link]

Then

disable your security programs,
then
download the following tool and save it to the desktop:

[hidden link]

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
The computer may restart during the scan
After the restart, the tool will start scanning again
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears, then copy it and paste it into your next post
 
Here is the report
...

ComboFix 09-11-24.02 - Arabic 11/25/2009 5:38.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.765.416 [GMT 3:00]
Running from: c:\documents and settings\Arabic\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-10-25 to 2009-11-25 )))))))))))))))))))))))))))))))
.

2009-11-25 00:26 . 2009-11-25 00:32 -------- d-----w- c:\documents and settings\Arabic\Application Data\QuickScan
2009-11-25 00:26 . 2009-11-24 03:17 677888 ----a-w- c:\documents and settings\Arabic\Application Data\Mozilla\Firefox\Profiles\89khrway.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-11-25 00:26 . 2009-11-24 03:16 767488 ----a-w- c:\documents and settings\Arabic\Application Data\Mozilla\Firefox\Profiles\89khrway.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-11-25 00:20 . 2009-11-25 02:26 -------- d-----w- c:\documents and settings\Arabic\Local Settings\Application Data\Runscanner.net
2009-11-23 01:40 . 2008-06-27 01:39 332928 ----a-r- c:\windows\system32\drivers\RTL8187.sys
2009-11-21 13:32 . 2009-11-21 13:32 -------- d-----w- C:\Temp
2009-11-21 02:41 . 2009-11-21 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-11-21 02:30 . 2009-11-21 02:30 -------- d-----w- c:\program files\Adobe Media Player
2009-11-21 02:27 . 2009-11-21 02:27 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-20 15:45 . 2009-11-20 15:45 -------- d-----w- c:\windows\Sun
2009-11-20 15:35 . 2009-11-20 15:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-20 01:02 . 2009-11-20 01:02 -------- d-----w- c:\program files\Topaz Labs
2009-11-14 14:34 . 2009-11-14 14:34 235520 ----a-w- c:\documents and settings\Arabic\Application Data\programgpl\web test bash.exe
2009-11-14 14:32 . 2009-11-14 14:32 253952 ----a-w- c:\documents and settings\Arabic\Application Data\programgpl\traytrustlicenseshow.exe
2009-11-14 14:31 . 2009-11-25 02:30 749568 ----a-w- c:\documents and settings\All Users\Application Data\Admin Inter 1 Mags\list remote.exe
2009-11-14 14:30 . 2009-11-14 14:30 749568 ----a-w- c:\documents and settings\Arabic\Application Data\programgpl\khwcptxf.exe
2009-11-14 14:29 . 2009-11-14 14:29 -------- d-----w- c:\program files\programgpl
2009-11-14 14:29 . 2009-11-14 14:29 466944 ----a-w- c:\documents and settings\Arabic\Application Data\programgpl\file proc bend.exe
2009-11-14 14:27 . 2009-11-14 14:27 -------- d-----w- c:\program files\Circl Developement
2009-11-12 07:04 . 2009-11-12 07:11 -------- d-----w- c:\program files\PowerISO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-25 02:45 . 2009-01-06 16:01 -------- d-----w- c:\documents and settings\Arabic\Application Data\DMCache
2009-11-25 02:30 . 2009-01-07 23:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-11-25 02:28 . 2009-01-07 23:46 761888 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-11-25 02:28 . 2009-01-07 23:46 4732 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-11-25 02:28 . 2009-01-07 23:46 2892320 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-25 02:28 . 2009-01-07 23:46 24724 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-24 15:54 . 2009-01-07 21:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-24 02:57 . 2008-11-12 19:26 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-22 23:21 . 2009-06-19 03:12 -------- d-----w- c:\documents and settings\Arabic\Application Data\Skype
2009-11-22 23:20 . 2008-12-10 19:04 -------- d-----w- c:\documents and settings\Arabic\Application Data\skypePM
2009-11-21 02:43 . 2008-11-11 20:32 292632 ----a-w- c:\documents and settings\Arabic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-20 15:00 . 2009-04-22 14:13 -------- d-----w- c:\program files\Norton Security Scan
2009-11-20 01:01 . 2009-11-20 00:58 -------- d-----w- c:\program files\Topaz Labs LLC
2009-11-14 14:34 . 2008-11-22 07:16 -------- d-----w- c:\documents and settings\Arabic\Application Data\programgpl
2009-11-14 14:31 . 2008-11-22 07:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Admin Inter 1 Mags
2009-11-14 14:27 . 2009-01-25 09:19 -------- d-----w- c:\program files\Messenger Plus! Live
2009-11-03 01:51 . 2008-11-12 19:28 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-10-26 22:04 . 2009-04-28 05:39 -------- d-----w- c:\program files\SWiSH Max2
2009-10-26 22:04 . 2009-04-27 23:53 -------- d-----r- c:\program files\SAFlashPlayer
2009-10-22 22:00 . 2008-11-29 22:28 -------- d-----w- c:\documents and settings\Arabic\Application Data\dvdcss
2009-10-14 16:25 . 2009-01-07 23:47 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-14 16:25 . 2009-01-07 23:47 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-07 04:42 . 2009-06-03 04:38 -------- d-----w- c:\program files\BitComet
2009-08-31 20:45 . 2009-08-31 20:45 59920 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.506\mzvkbd.dll
2009-08-31 20:45 . 2009-08-31 20:45 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.506\mzvkbd3.dll
2009-08-31 20:45 . 2009-08-31 20:45 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\mzvkbd3.dll
2009-08-31 20:45 . 2009-08-31 20:45 59920 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\mzvkbd.dll
2009-01-29 05:59 . 2009-01-29 05:59 841 ----a-w- c:\program files\Internet Download Manager.lnk
2009-01-29 05:59 . 2009-01-29 05:59 2221003 ----a-w- c:\program files\e2b99130.rar
2009-01-25 09:17 . 2009-01-25 09:17 2078991 ----a-w- c:\program files\mplayerc_20081210.zip
2009-01-25 09:17 . 2009-01-25 09:17 4887376 ----a-w- c:\program files\MsgPlusLive-470.exe
2009-01-25 07:51 . 2009-01-25 07:51 359656 ----a-w- c:\program files\msicuu2.exe
2009-01-15 07:14 . 2009-01-25 09:12 2398736 ----a-w- c:\program files\مثبت Windows Live.exe
2009-01-07 20:39 . 2009-01-07 20:18 510816 ----a-w- c:\program files\wrar380a.exe
2008-12-29 17:47 . 2008-12-29 17:47 441 ----a-w- c:\program files\D8مج لتنظيف الهارد ديسك Webroot Windows Washer 6[1].0.txt
2008-12-26 12:42 . 2008-12-26 12:42 10938951 ----a-w- c:\program files\pfs-setup-en.exe
2008-12-25 06:44 . 2008-12-25 06:44 816542 ----a-w- c:\program files\c919a3e860.zip
2008-11-23 17:22 . 2008-11-23 17:22 464408 ----a-w- c:\program files\RealPlayer11GOLD.exe
2008-10-23 07:46 . 2008-11-21 22:24 5316176 ----a-w- c:\program files\msjavx86.exe
2006-07-08 09:25 . 2009-03-04 08:54 1284801 ----a-w- c:\program files\bsga.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-06-23_01.12.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-16 11:09 . 2009-08-06 16:24 44768 c:\windows\system32\wups2.dll
+ 2008-11-11 20:19 . 2009-08-06 16:24 35552 c:\windows\system32\wups.dll
+ 2008-11-11 20:19 . 2009-08-06 16:24 53472 c:\windows\system32\wuauclt.exe
+ 2009-10-07 11:44 . 2009-08-06 16:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-10-07 11:44 . 2009-08-06 16:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2001-10-05 00:15 . 2009-11-13 18:34 60224 c:\windows\system32\perfc009.dat
- 2001-10-05 00:15 . 2009-05-29 21:15 60224 c:\windows\system32\perfc009.dat
+ 2009-07-02 04:29 . 2009-07-02 04:29 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-11-22 05:50 . 2009-11-01 19:04 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-07-22 19:13 . 2009-07-22 19:13 28592 c:\windows\system32\drivers\tap0901.sys
+ 2008-11-02 08:44 . 2008-11-02 08:44 56572 c:\windows\system32\drivers\scdemu.sys
- 2008-11-11 20:25 . 2009-06-11 12:59 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-11 20:25 . 2009-11-24 14:21 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-11 20:25 . 2009-11-24 14:21 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-11-11 20:25 . 2009-06-11 12:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-11-11 20:25 . 2009-06-11 12:59 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-11-11 20:25 . 2009-11-24 14:21 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-04 07:56 . 2009-08-06 16:24 96480 c:\windows\system32\cdm.dll
+ 2009-01-16 04:25 . 2009-01-16 04:25 98816 c:\windows\Installer\a9e09.msi
+ 2009-01-16 04:24 . 2009-01-16 04:24 23040 c:\windows\Installer\a9df0.msi
+ 2009-01-16 04:23 . 2009-01-16 04:23 25088 c:\windows\Installer\a9d94.msi
+ 2009-01-16 04:22 . 2009-01-16 04:22 83456 c:\windows\Installer\a9d75.msi
+ 2009-01-23 21:09 . 2009-01-23 21:09 28160 c:\windows\Installer\828c0.msi
+ 2009-01-23 21:08 . 2009-01-23 21:08 59904 c:\windows\Installer\828b4.msi
+ 2009-11-21 02:30 . 2009-11-21 02:30 23552 c:\windows\Installer\143a97.msi
+ 2009-11-21 02:27 . 2009-11-21 02:27 26112 c:\windows\Installer\143a54.msi
+ 2009-09-23 17:04 . 2009-09-23 17:04 29926 c:\windows\Installer\{CACE46A6-D098-40B3-911D-A7334E336714}\MsblIco.Exe
- 2009-01-25 08:41 . 2009-01-25 08:41 29926 c:\windows\Installer\{CACE46A6-D098-40B3-911D-A7334E336714}\MsblIco.Exe
+ 2009-11-20 01:02 . 2009-11-20 01:02 10134 c:\windows\Installer\{5E684419-44E3-46EE-A43C-A60082CBF4EC}\_FA58725AFB0FAAA794B54F.exe
+ 2009-11-20 01:02 . 2009-11-20 01:02 10134 c:\windows\Installer\{5E684419-44E3-46EE-A43C-A60082CBF4EC}\_0200F930D1AA45D1234457.exe
+ 2009-11-20 01:02 . 2009-11-20 01:02 6006 c:\windows\Installer\{5E684419-44E3-46EE-A43C-A60082CBF4EC}\_6FEFF9B68218417F98F549.exe
+ 2008-11-11 20:19 . 2009-08-06 16:24 209632 c:\windows\system32\wuweb.dll
+ 2008-11-11 20:19 . 2009-08-06 16:24 327896 c:\windows\system32\wucltui.dll
+ 2008-11-11 20:19 . 2009-08-06 16:23 575704 c:\windows\system32\wuapi.dll
- 2001-10-05 00:15 . 2009-05-29 21:15 396176 c:\windows\system32\perfh009.dat
+ 2001-10-05 00:15 . 2009-11-13 18:34 396176 c:\windows\system32\perfh009.dat
+ 2009-01-24 11:03 . 2009-08-06 16:23 215920 c:\windows\system32\muweb.dll
+ 2009-01-24 11:03 . 2009-08-06 16:23 274288 c:\windows\system32\mucltui.dll
+ 2008-07-31 07:16 . 2008-07-31 07:16 947472 c:\windows\system32\msjava.dll
+ 2009-02-03 02:15 . 2009-02-03 02:15 240544 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-07-18 03:12 . 2009-07-18 03:12 257440 c:\windows\system32\Macromed\Flash\FlashUtil10c.exe
+ 2009-04-22 14:13 . 2009-04-22 14:13 301568 c:\windows\Installer\edaef.msi
+ 2009-01-25 08:40 . 2009-01-25 08:40 467968 c:\windows\Installer\dbb7a.msi
+ 2009-01-25 07:52 . 2009-01-25 07:52 472064 c:\windows\Installer\c5959.msi
+ 2009-01-16 04:25 . 2009-01-16 04:25 727040 c:\windows\Installer\a9e15.msi
+ 2009-01-16 04:25 . 2009-01-16 04:25 483328 c:\windows\Installer\a9e0f.msi
+ 2009-01-16 04:25 . 2009-01-16 04:25 891904 c:\windows\Installer\a9dfc.msi
+ 2009-01-16 04:22 . 2009-01-16 04:22 107008 c:\windows\Installer\a9d69.msi
+ 2009-01-16 04:22 . 2009-01-16 04:22 301056 c:\windows\Installer\a9d63.msi
+ 2009-01-23 21:10 . 2009-01-23 21:10 781824 c:\windows\Installer\828d6.msi
+ 2009-01-23 21:09 . 2009-01-23 21:09 876032 c:\windows\Installer\828d0.msi
+ 2009-01-23 21:09 . 2009-01-23 21:09 431104 c:\windows\Installer\828ca.msi
+ 2009-01-23 21:09 . 2009-01-23 21:09 141312 c:\windows\Installer\828ba.msi
+ 2009-11-20 01:02 . 2009-11-20 01:02 248832 c:\windows\Installer\819713.msi
+ 2009-11-20 00:58 . 2009-11-20 00:58 347648 c:\windows\Installer\81970f.msi
+ 2008-11-12 18:38 . 2008-11-12 18:38 100352 c:\windows\Installer\7799e.msi
+ 2009-01-24 08:11 . 2009-01-24 08:11 472064 c:\windows\Installer\4676a.msi
+ 2008-11-11 20:29 . 2008-11-11 20:29 264704 c:\windows\Installer\4157d.msi
+ 2008-11-22 19:26 . 2008-11-22 19:26 164352 c:\windows\Installer\40b582.msi
+ 2009-09-23 17:04 . 2009-09-23 17:04 803328 c:\windows\Installer\2b2c9b.msi
+ 2009-01-24 09:21 . 2009-01-24 09:21 804352 c:\windows\Installer\2431a2.msi
+ 2009-01-23 20:39 . 2009-01-23 20:39 472064 c:\windows\Installer\16efb7.msi
+ 2009-06-06 23:56 . 2009-06-06 23:56 876032 c:\windows\Installer\1475338.msi
+ 2009-06-26 21:37 . 2009-06-26 21:37 451072 c:\windows\Golden wave\uninstall.exe
+ 2008-11-11 20:19 . 2009-08-06 16:23 1929952 c:\windows\system32\wuaueng.dll
+ 2004-07-17 18:35 . 2004-07-17 18:35 1326080 c:\windows\system32\webfldrs.msi
+ 2007-12-15 11:55 . 2007-12-15 11:55 2510848 c:\windows\system32\tlpsplib10.dll
+ 2009-03-11 11:32 . 2009-03-11 11:32 6772736 c:\windows\system32\tliadjust30.dll
+ 2009-02-03 02:15 . 2009-02-03 02:15 3771296 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-11-11 12:09 . 2009-11-21 13:26 2597576 c:\windows\system32\FNTCACHE.DAT
+ 2009-06-19 03:11 . 2009-06-19 03:11 1247744 c:\windows\Installer\c60c18.msi
+ 2009-05-26 08:05 . 2009-05-26 08:05 4192256 c:\windows\Installer\b735cd.msi
+ 2009-01-16 04:28 . 2009-01-16 04:28 2109440 c:\windows\Installer\a9e26.msi
+ 2009-01-07 23:47 . 2009-01-07 23:47 2682368 c:\windows\Installer\9a3ba7.msi
+ 2008-11-12 18:37 . 2008-11-12 18:37 6076416 c:\windows\Installer\77998.msi
+ 2009-03-23 01:41 . 2009-03-23 01:41 7958016 c:\windows\Installer\5f678e.msi
+ 2009-03-23 01:40 . 2009-03-23 01:40 1539584 c:\windows\Installer\5f678a.msi
+ 2009-01-25 08:55 . 2009-01-25 08:55 1154560 c:\windows\Installer\1c0aaf.msi
+ 2008-11-12 19:24 . 2008-11-12 19:24 1112064 c:\windows\Installer\16ae44.msi
+ 2008-11-12 19:18 . 2008-11-12 19:18 5922816 c:\windows\Installer\16ae34.msi
+ 2009-06-06 23:55 . 2009-06-06 23:55 1479168 c:\windows\Installer\147532f.msi
+ 2005-09-23 04:48 . 2005-09-23 04:48 24863744 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi
+ 2002-12-11 16:39 . 2002-12-11 16:39 10995712 c:\windows\Installer\WMEncoder.msi
+ 2008-11-12 20:08 . 2007-01-19 21:21 16829440 c:\windows\Installer\MSN Messenger 8.1.0178\MsnMsgs.Msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-10-28 2606512]
"RefExit"="c:\docume~1\Arabic\APPLIC~1\PROGRA~1\file proc bend.exe" [2009-11-14 466944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-29 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"1 mags 16 more"="c:\documents and settings\All Users\Application Data\Admin Inter 1 Mags\list remote.exe" [2009-11-25 749568]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8152:TCP"= 8152:TCP:BitComet 8152 TCP
"8152:UDP"= 8152:UDP:BitComet 8152 UDP

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29 م 33808]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [12/11/2008 10:27 م 15424]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [25/12/2008 10:05 ص 6852]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [07/01/2009 11:51 م 598856]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 06:02 م 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 م 24592]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [23/11/2009 04:40 ص 332928]
.
Contents of the 'Scheduled Tasks' folder

2009-11-25 c:\windows\Tasks\ABB8A5F6919F5B02.job
- c:\docume~1\arabic\applic~1\progra~1\web test bash.exe [2009-11-14 14:34]

2009-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 10:42]

2009-11-20 c:\windows\Tasks\Norton Security Scan for Arabic.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-13 14:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyServer = 192.168.1.254:80
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\windows\system32\imon.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Arabic\Application Data\Mozilla\Firefox\Profiles\89khrway.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - component: c:\documents and settings\Arabic\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\Arabic\Application Data\Mozilla\Firefox\Profiles\89khrway.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\documents and settings\Arabic\Application Data\Mozilla\Firefox\Profiles\89khrway.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-AV Bros. Page Curl 2.0 - c:\program files\Adobe\Photoshop 7.0 ME\Plug-Ins\AV Bros Page Curl 2.0\AVUninstall2.exe
AddRemove-HijackThis - c:\documents and settings\Arabic\My Documents\Downloads\Programs\HijackThis.exe
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,


Rootkit scan 2009-11-25 05:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{67831d45-c202-4b8d-a26c-ca751d8c7ead}]
@Denied: (Full) (Everyone)
"Model"=dword:00000080
"Therad"=dword:0000001d
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,f1,bd,5b,27,14,a4,4b,29,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8e,b0,69,3c,73,b8,31,6a,e8,63,b6,fe,97,9a,53,ea,be,47,cc,46,e9,
09,df,37,4d,12,78,00,84,b8,58,fd,bc,6c,32,e6,87,3f,cd,80,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1820)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(1564)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-25 05:48
ComboFix-quarantined-files.txt 2009-11-25 02:47
ComboFix2.txt 2009-06-23 01:16

Pre-Run: 32,569,053,184 bytes free
Post-Run: 32,545,263,616 bytes free

- - End Of File - - B23D4E5D3900A8ACBA477D0D5F20F578
 
Peace be upon you, and the mercy of God ..

With my brother Max's permission ..

I see you have two security programs .. Kaspersky and NOD32 .. :d:

Remove one of them ..

It would be best to remove NOD32 and keep Kaspersky .. :ok:
 
Signature: shaded





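And peace be upon you :wink:

This NOD32 is a disaster, I don't know where it came from; it's unbelievable that it wasn't removed :cr::cr:

I had written a thread about removing it, and I installed Kaspersky in its place :?:


But could you check whether my computer is clean or has something on it?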
 
Sister, there were leftovers of NOD32,
and I gave you a file that specifies the removal of its leftovers
 

[hidden link]



Thank you, brother

OK, so now I don't have anything harmful?

Is everything clean, or is there something? :d:
 
Please post a new HijackThis report so we can tell whether NOD32 and its leftovers are gone or not
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:25:56 ص, on 27/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Arabic\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.254:80
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\list remote.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RefExit] C:\DOCUME~1\Arabic\APPLIC~1\PROGRA~1\file proc bend.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: إضافة إلى حاجب الدعايات - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 6844 bytes
 
Remove the following:

O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\list remote.exe


O4 - HKCU\..\Run: [RefExit] C:\DOCUME~1\Arabic\APPLIC~1\PROGRA~1\file proc bend.exe


How to remove them:

[image: mg%20(3).png]

[image: mg%20(4).png]


After that, go to Add or Remove Programs and remove the toolbar you have installed (toolbar) >> it may not be there
Then clean your computer with this tool:

[hidden link]

and let us know the latest results
 