Thread starter: Knight Lord
Peace be upon you..

I have a problem: today the machine has become slow, I don't know why. I had to unplug it from the wall << does that cause anything?

I want a solution, brothers.

And this is my report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:13:51 م, on 19/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\user\سطح المكتب\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster -
Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia -
Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan ) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
--
End of file - 6425 bytes
 

Signature: Knight Lord
Apply what is in the following link:

The report is clean.
 
Signature: البرونز
Thanks, brother البرونز.
 
Signature: Knight Lord
I'll butt in for a moment, topic owner, with your permission. General supervisor, could you kindly give me your opinion on my report?
ComboFix 08-05-15.3 - user 05/19/2008 20:39:28.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.87 [GMT 3:00]
Running from: C:\Documents and Settings\user\سطح المكتب\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\afinding.exe
C:\WINDOWS\system32\andt.sys
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\Indt2.sys
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\tmp0_80946817385.bk
C:\WINDOWS\system32\tmp1_47697426298.bk
C:\WINDOWS\system32\tmp3_759275602721.bk
C:\WINDOWS\system32\tmp3_790371848144.bk
C:\WINDOWS\system32\tmp3_870841184890.bk
C:\WINDOWS\system32\tmp4_569619399653.bk
C:\WINDOWS\system32\tmp4_6699174643.bk
C:\WINDOWS\system32\tmp4_778134303653.bk
C:\WINDOWS\system32\WServing.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AFINDING
-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Legacy_WSERVING
-------\Service_AFinding
-------\Service_Routing
-------\Service_WServing

((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 19:22 54,624 ----a-w C:\WINDOWS\system32\a972.sys
2008-05-18 19:18 54,624 ----a-w C:\WINDOWS\system32\4348D.sys
2008-05-17 18:33 --------- d-----w C:\Documents and Settings\LocalService\Application Data\TwoProgramAmen
2008-05-17 18:28 --------- d-----w C:\Documents and Settings\LocalService\Application Data\PCToolsSpamMonitorPlus
2008-05-17 18:28 --------- d-----w C:\Documents and Settings\LocalService\Application Data\PCToolsFirewallPlus
2008-05-17 16:04 --------- d-----w C:\Documents and Settings\user\Application Data\PCToolsSpamMonitorPlus
2008-05-17 16:04 --------- d-----w C:\Documents and Settings\user\Application Data\PCToolsFirewallPlus
2008-05-17 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-17 16:03 --------- d-----w C:\Program Files\PC Tools Internet Security
2008-05-17 11:35 --------- d-----w C:\Program Files\Java
2008-05-17 11:32 --------- d-----w C:\Program Files\Common Files\Java
2008-05-16 10:15 --------- d-----w C:\Program Files\VS Revo Group
2008-05-16 07:53 --------- d-----w C:\Documents and Settings\user\Application Data\Se Analyzer Tool SA
2008-05-16 07:35 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-16 07:35 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-16 07:35 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-16 07:35 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-15 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-15 08:01 --------- d-----w C:\Program Files\Error Repair Professional
2008-05-14 23:15 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-14 23:15 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-14 23:01 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-14 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-14 22:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-10 23:08 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-10 23:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-10 10:14 --------- d-----w C:\Program Files\Sakhr
2008-05-09 19:08 --------- d-----w C:\Documents and Settings\user\Application Data\COWON
2008-05-09 19:01 --------- d-----w C:\Documents and Settings\user\Application Data\WNR
2008-05-09 18:48 --------- d-----w C:\Documents and Settings\user\Application Data\Vidalia
2008-05-09 18:48 --------- d-----w C:\Documents and Settings\user\Application Data\Tor
2008-05-09 11:46 68,485 ----a-w C:\WINDOWS\Fonts\arabic3.zip
2008-05-09 11:46 54,390 ----a-w C:\WINDOWS\Fonts\arabic27.zip
2008-05-09 11:46 46,332 ----a-w C:\WINDOWS\Fonts\arabic24.zip
2008-05-09 11:46 45,752 ----a-w C:\WINDOWS\Fonts\arabic8.zip
2008-05-09 11:46 39,657 ----a-w C:\WINDOWS\Fonts\arabic14.zip
2008-05-09 11:46 34,086 ----a-w C:\WINDOWS\Fonts\arabic1.zip
2008-05-09 11:46 29,760 ----a-w C:\WINDOWS\Fonts\arabic2.zip
2008-05-09 11:45 58,353 ----a-w C:\WINDOWS\Fonts\arabic12.zip
2008-05-09 11:45 35,010 ----a-w C:\WINDOWS\Fonts\arabic13.zip
2008-05-08 11:12 --------- d-----w C:\Program Files\inKline Global
2008-05-07 13:17 --------- d-----w C:\Program Files\Alwil Software
2008-05-05 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Memo save stupid creative
2008-05-05 19:53 --------- d-----w C:\Program Files\Circle Developement
2008-05-05 19:53 --------- d-----w C:\Documents and Settings\user\Application Data\TwoProgramAmen
2008-05-05 19:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-05-05 19:25 --------- d-----w C:\Program Files\JetAudio
2008-05-05 19:24 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-05-05 19:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-05-05 19:18 47,104 ------w C:\WINDOWS\AKDeInstall.exe
2008-05-05 19:18 --------- d-----w C:\Program Files\VideoLAN
2008-05-05 19:18 --------- d-----w C:\Program Files\mpegable
2008-05-05 19:18 --------- d-----w C:\Program Files\FLVPlayer4Free
2008-05-05 19:18 --------- d-----w C:\Program Files\DivX
2008-05-05 19:17 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-05 19:17 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-05 19:17 --------- d-----w C:\Program Files\Real
2008-05-05 19:17 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-05 19:17 --------- d-----w C:\Program Files\Common Files\Real
2008-05-05 19:16 155,995 ----a-w C:\WINDOWS\java\Packages\F1R7DBJJ.ZIP
2008-05-05 19:16 --------- d-----w C:\Program Files\Windows Live
2008-05-05 19:16 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-05 19:15 --------- d-----w C:\Program Files\MSN Messenger
2008-05-05 19:12 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-05 19:11 --------- d-----w C:\Program Files\Microsoft Works
2008-05-05 19:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-05 19:05 --------- d-----w C:\Program Files\S3
2008-05-05 19:05 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-05-05 19:05 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-05 19:05 --------- d-----w C:\Program Files\AvRack
2008-05-05 18:52 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-01 15:23 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:54 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:53 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 09:56 PM 15360]
"NounLink"="C:\DOCUME~1\LOCALS~1\APPLIC~1\TWOPRO~1\MovePokeArmy.exe" [05/05/2008 10:53 PM 433664]
"SpyEmergency"="C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergency.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [08/05/2003 08:59 AM 57344 C:\WINDOWS\SOUNDMAN.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/05/2008 10:17 PM 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [04/13/2005 03:48 AM 36975]
"SystemInit"="" []
"Karen"="" []
"raVe"="" []
"Win32BaseServiceMOD"="" []
"startIE"="" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"raVe"="" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/03/2004 09:56 PM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
"DisableRegedit"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"= 0 (0x0)
"NoDispScrSavPage"= 0 (0x0)
"NoDispSettingsPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 0
"NoInstrumentation"= 0 (0x0)
"NoRecentDocsNetHood"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [12/13/2007 01:28 PM]
R3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys [08/17/2001 01:28 PM]
S3 4348D;4348D;C:\WINDOWS\system32\4348D.sys [05/18/2008 10:18 PM]
S3 a972;a972;C:\WINDOWS\system32\a972.sys [05/18/2008 10:22 PM]
S3 SetupNTGLM7X;SetupNTGLM7X;H:\NTGLM7X.sys []
.
Contents of the 'Scheduled Tasks' folder
"2008-05-19 17:00:02 C:\WINDOWS\Tasks\AD4550C0918EC224.job"
- c:\docume~1\user\applic~1\twopro~1\activenewpoll.exe
"2008-05-16 07:42:08 C:\WINDOWS\Tasks\McAfee Cleanup.job"
- C:\DOCUME~1\user\LOCALS~1\TEMP\MCPR.tmp\mccleanup.exe?-p mpfpcu,mpfp,mps,shred,mpscu,mskcu,msk,emproxy,mas,fwdriver,hw,mbk,mcproxy,mhn,mqccu,mqc,shrd,nmc,redir,mna,mwl,msad,vs,msc,mcpr -log
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-05-19 20:41:34
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 05/19/2008 20:42:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-19 17:42:20
Pre-Run: 6,616,612,864 bytes free
Post-Run: 6,638,895,104 bytes free
212 --- E O F --- 2008-05-07 22:40:14
 
First: make sure you are not running many programs at the same time.
No. 2: the machine may have been running for a long time; it is normal for it to get slow.
No. 3: use system cleaners to clear the machine of the things you do not use.
No. 4: if you have Kaspersky, remove it and install NOD32.
No. 5: do not install programs you do not use.
 
Signature: 8الجوال8

From the report I can see you have many files that were deleted; I'd like you to make a HijackThis report.

Download this program, put it on the desktop, close everything, and click
do system scan and save log
In a few moments a report will appear in Notepad; copy the report and paste it in your next reply.

Next time, open a separate topic; it's better for you and for us <<<
 
As you command, sir.
 
Thank you all.
 
Signature: Knight Lord