Thread starter: shagran

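Peace be upon you, and the mercy and blessings of God:

My computer freezes, hangs, and is slow to open programs.
I can't find a reason for it; the protection programs are OK
and there are no conflicts.
I have two requests for my experienced brothers:
How is the fault extracted from a HijackThis report?
What is my computer's problem, according to the report?
The report: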
.
--------------------------\\\ Start Report Of HijackThis ---------------
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:50:15 م, on 17/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP3 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Acer\ePM\EPM-DM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\bpk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\sarah\LOCALS~1\Temp\bntoz\runn.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\sarah\LOCALS~1\Temp\bntoz\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "%ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [bpk] C:\WINDOWS\system32\bpk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Update Center (Windows Update Center) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)

--
End of file - 7238 bytes
.
.
--------------------------\\\ End Report Of Of HijackThis ---------------
.
.
.
.
--------------------------\\\ Start Report Of Running Processes ---------------
.
==================================================
Process Name : smss.exe
ProcessID : 636
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Windows NT Session Manager
Company : Microsoft Corporation
Window Title :
File Size : 50,688
File Created Date : 08/04/1429 10:42:38 ص
File Modified Date : 08/04/1429 10:42:38 ص
Filename : C:\WINDOWS\System32\smss.exe
Base Address : 0x48580000
Created On : 15/08/1429 08:34:38 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 408 K
Mem Usage Peak : 428 K
Page Faults : 195
Pagefile Usage : 168 K
Pagefile Peak Usage : 1708 K
File Attributes : A
==================================================

==================================================
Process Name : csrss.exe
ProcessID : 688
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Client Server Runtime Process
Company : Microsoft Corporation
Window Title :
File Size : 6,144
File Created Date : 08/04/1429 10:42:16 ص
File Modified Date : 08/04/1429 10:42:16 ص
Filename : C:\WINDOWS\system32\csrss.exe
Base Address : 0x4A680000
Created On : 15/08/1429 08:34:40 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4276 K
Mem Usage Peak : 4472 K
Page Faults : 105755
Pagefile Usage : 2000 K
Pagefile Peak Usage : 2000 K
File Attributes : A
==================================================

==================================================
Process Name : winlogon.exe
ProcessID : 712
Priority : High
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2113)
Description : Windows NT Logon Application
Company : Microsoft Corporation
Window Title :
File Size : 507,904
File Created Date : 08/04/1429 10:42:40 ص
File Modified Date : 08/04/1429 10:42:40 ص
Filename : C:\WINDOWS\system32\winlogon.exe
Base Address : 0x01000000
Created On : 15/08/1429 08:34:40 م
Visible Windows : 0
Hidden Windows : 1
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 3704 K
Mem Usage Peak : 15928 K
Page Faults : 11065
Pagefile Usage : 7852 K
Pagefile Peak Usage : 8932 K
File Attributes : A
==================================================

==================================================
Process Name : services.exe
ProcessID : 756
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Services and Controller app
Company : Microsoft Corporation
Window Title :
File Size : 108,544
File Created Date : 08/04/1429 10:42:36 ص
File Modified Date : 08/04/1429 10:42:36 ص
Filename : C:\WINDOWS\system32\services.exe
Base Address : 0x01000000
Created On : 15/08/1429 08:34:41 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 3460 K
Mem Usage Peak : 3624 K
Page Faults : 1506
Pagefile Usage : 1856 K
Pagefile Peak Usage : 2476 K
File Attributes : A
==================================================

==================================================
Process Name : lsass.exe
ProcessID : 768
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2113)
Description : LSA Shell (Export Version)
Company : Microsoft Corporation
Window Title :
File Size : 13,312
File Created Date : 08/04/1429 10:42:26 ص
File Modified Date : 08/04/1429 10:42:26 ص
Filename : C:\WINDOWS\system32\lsass.exe
Base Address : 0x01000000
Created On : 15/08/1429 08:34:41 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 6448 K
Mem Usage Peak : 6476 K
Page Faults : 1848
Pagefile Usage : 4444 K
Pagefile Peak Usage : 4608 K
File Attributes : A
==================================================

==================================================
Process Name : svchost.exe
ProcessID : 920
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 08/04/1429 10:42:38 ص
File Modified Date : 08/04/1429 10:42:38 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 15/08/1429 08:34:43 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 5292 K
Mem Usage Peak : 5348 K
Page Faults : 1510
Pagefile Usage : 6696 K
Pagefile Peak Usage : 26852 K
File Attributes : A
==================================================

==================================================
Process Name : svchost.exe
ProcessID : 1008
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 08/04/1429 10:42:38 ص
File Modified Date : 08/04/1429 10:42:38 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 15/08/1429 08:34:46 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 4564 K
Mem Usage Peak : 4588 K
Page Faults : 1294
Pagefile Usage : 5384 K
Pagefile Peak Usage : 5472 K
File Attributes : A
==================================================

==================================================
Process Name : svchost.exe
ProcessID : 1044
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 08/04/1429 10:42:38 ص
File Modified Date : 08/04/1429 10:42:38 ص
Filename : C:\WINDOWS\System32\svchost.exe
Base Address : 0x01000000
Created On : 15/08/1429 08:34:46 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 21624 K
Mem Usage Peak : 23004 K
Page Faults : 10441
Pagefile Usage : 18604 K
Pagefile Peak Usage : 19704 K
File Attributes : A
==================================================

==================================================
Process Name : S24EvMon.exe
ProcessID : 1092
Priority : Normal
Product Name : Intel(R) PROSet/Wireless Service
Version : 11. 5. 1. 2
Description : Wireless Management Service
Company : Intel Corporation
Window Title :
File Size : 1,187,840
File Created Date : 26/02/1429 11:34:38 ص
File Modified Date : 26/02/1429 11:34:38 ص
Filename : C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Base Address : 0x00400000
Created On : 15/08/1429 08:34:46 م
Visible Windows : 0
Hidden Windows : 4
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 13688 K
Mem Usage Peak : 13708 K
Page Faults : 3685
Pagefile Usage : 13548 K
Pagefile Peak Usage : 13604 K
File Attributes : A
==================================================

==================================================
Process Name : svchost.exe
ProcessID : 1208
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 08/04/1429 10:42:38 ص
File Modified Date : 08/04/1429 10:42:38 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 15/08/1429 08:34:47 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 3620 K
Mem Usage Peak : 3688 K
Page Faults : 1151
Pagefile Usage : 1400 K
Pagefile Peak Usage : 1484 K
File Attributes : A
==================================================

==================================================
Process Name : svchost.exe
ProcessID : 1256
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 08/04/1429 10:42:38 ص
File Modified Date : 08/04/1429 10:42:38 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 15/08/1429 08:34:48 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 4608 K
Mem Usage Peak : 4624 K
Page Faults : 1204
Pagefile Usage : 4628 K
Pagefile Peak Usage : 4676 K
File Attributes : A
==================================================

==================================================
Process Name : spoolsv.exe
ProcessID : 1284
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-0852)
Description : Spooler SubSystem App
Company : Microsoft Corporation
Window Title :
File Size : 57,856
File Created Date : 08/04/1429 10:42:38 ص
File Modified Date : 08/04/1429 10:42:38 ص
Filename : C:\WINDOWS\system32\spoolsv.exe
Base Address : 0x01000000
Created On : 15/08/1429 08:34:48 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 5492 K
Mem Usage Peak : 5516 K
Page Faults : 1893
Pagefile Usage : 6804 K
Pagefile Peak Usage : 7044 K
File Attributes : A
==================================================

==================================================
Process Name : sched.exe
ProcessID : 1324
Priority : Normal
Product Name : AntiVir Workstation
Version : 8.00.00.12
Description : Antivirus Scheduler
Company : Avira GmbH
Window Title :
File Size : 68,865
File Created Date : 08/08/1429 09:09:00 م
File Modified Date : 29/02/1429 09:00:08 ص
Filename : C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
Base Address : 0x00400000
Created On : 15/08/1429 08:34:48 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 528 K
Mem Usage Peak : 3564 K
Page Faults : 1352
Pagefile Usage : 1588 K
Pagefile Peak Usage : 1596 K
File Attributes : A
==================================================

==================================================
Process Name : anbmServ.exe
ProcessID : 1488
Priority : Normal
Product Name : Acer eManager for Notebook
Version : 3.0.5.8
Description : Service Program for Acer eManager
Company : OSA Technologies Inc.
Window Title :
File Size : 1,287,168
File Created Date : 01/07/1425 12:17:20 م
File Modified Date : 01/07/1425 12:17:20 م
Filename : C:\Acer\eManager\anbmServ.exe
Base Address : 0x00400000
Created On : 15/08/1429 08:34:51 م
Visible Windows : 0
Hidden Windows : 2
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 5604 K
Mem Usage Peak : 5604 K
Page Faults : 2012
Pagefile Usage : 2596 K
Pagefile Peak Usage : 2596 K
File Attributes : A
==================================================

==================================================
Process Name : Explorer.EXE
ProcessID : 1756
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.5512 (xpsp.080413-2105)
Description : Windows Explorer
Company : Microsoft Corporation
Window Title : Programs
File Size : 1,033,728
File Created Date : 08/04/1429 10:42:20 ص
File Modified Date : 08/04/1429 10:42:20 ص
Filename : C:\WINDOWS\Explorer.EXE
Base Address : 0x01000000
Created On : 15/08/1429 08:34:54 م
Visible Windows : 3
Hidden Windows : 42
User Name : SARAH-PC\sarah
Mem Usage : 34160 K
Mem Usage Peak : 60604 K
Page Faults : 2374879
Pagefile Usage : 57324 K
Pagefile Peak Usage : 61208 K
File Attributes : A
==================================================

==================================================
Process Name : avguard.exe
ProcessID : 1792
Priority : Normal
Product Name : AntiVir Workstation
Version : 8.00.01.15
Description : Antivirus On-Access Service
Company : Avira GmbH
Window Title :
File Size : 147,201
File Created Date : 08/08/1429 09:08:53 م
File Modified Date : 19/03/1429 12:34:49 م
Filename : C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
Base Address : 0x00400000
Created On : 15/08/1429 08:34:54 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 12316 K
Mem Usage Peak : 70820 K
Page Faults : 79974
Pagefile Usage : 75668 K
Pagefile Peak Usage : 731612 K
File Attributes : A
==================================================

==================================================
Process Name : AppleMobileDeviceService.exe
ProcessID : 1832
Priority : Normal
Product Name : Apple Mobile Device Service
Version : 2.0.28.0
Description : Apple Mobile Device Service
Company : Apple Inc.
Window Title :
File Size : 116,040
File Created Date : 07/07/1429 06:47:18 ص
File Modified Date : 07/07/1429 06:47:18 ص
Filename : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
Base Address : 0x00400000
Created On : 15/08/1429 08:34:54 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2424 K
Mem Usage Peak : 2436 K
Page Faults : 606
Pagefile Usage : 2208 K
Pagefile Peak Usage : 2224 K
File Attributes : A
==================================================

==================================================
Process Name : guard.exe
ProcessID : 1852
Priority : Normal
Product Name : AVG Anti-Spyware
Version : 7, 5, 1, 22
Description : AVG Anti-Spyware guard
Company : GRISOFT s.r.o.
Window Title :
File Size : 312,880
File Created Date : 14/05/1428 12:31:10 م
File Modified Date : 14/05/1428 12:31:10 م
Filename : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Base Address : 0x00400000
Created On : 15/08/1429 08:34:54 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1540 K
Mem Usage Peak : 49516 K
Page Faults : 24323
Pagefile Usage : 43344 K
Pagefile Peak Usage : 49648 K
File Attributes : A
==================================================

==================================================
Process Name : svchost.exe
ProcessID : 1880
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 08/04/1429 10:42:38 ص
File Modified Date : 08/04/1429 10:42:38 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 15/08/1429 08:34:54 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 3416 K
Mem Usage Peak : 3424 K
Page Faults : 906
Pagefile Usage : 2716 K
Pagefile Peak Usage : 2740 K
File Attributes : A
==================================================

==================================================
Process Name : EvtEng.exe
ProcessID : 1924
Priority : Normal
Product Name : Intel(R) PROSet/Wireless Event Log
Version : 11. 5. 1. 2
Description : Intel(R) PROSet/Wireless Event Log
Company : Intel Corporation
Window Title :
File Size : 823,296
File Created Date : 26/02/1429 11:55:56 ص
File Modified Date : 26/02/1429 11:55:56 ص
Filename : C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
Base Address : 0x00400000
Created On : 15/08/1429 08:34:54 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 13980 K
Mem Usage Peak : 14004 K
Page Faults : 3773
Pagefile Usage : 13844 K
Pagefile Peak Usage : 14328 K
File Attributes : A
==================================================

==================================================
Process Name : RegSrvc.exe
ProcessID : 2040
Priority : Normal
Product Name : Intel(R) PROSet/Wireless Registry Service
Version : 11. 5. 1. 2
Description : Intel(R) PROSet/Wireless Registry Service
Company : Intel Corporation
Window Title :
File Size : 483,328
File Created Date : 26/02/1429 11:30:12 ص
File Modified Date : 26/02/1429 11:30:12 ص
Filename : C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
Base Address : 0x00400000
Created On : 15/08/1429 08:34:55 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 3244 K
Mem Usage Peak : 3252 K
Page Faults : 827
Pagefile Usage : 4180 K
Pagefile Peak Usage : 4204 K
File Attributes : A
==================================================

==================================================
Process Name : wmiprvse.exe
ProcessID : 668
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2108)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 09/07/1429 12:22:33 ص
File Modified Date : 08/04/1429 10:42:42 ص
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 15/08/1429 08:35:05 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 5400 K
Mem Usage Peak : 5708 K
Page Faults : 1621
Pagefile Usage : 4992 K
Pagefile Peak Usage : 5796 K
File Attributes : A
==================================================

==================================================
Process Name : ZCfgSvc.exe
ProcessID : 1176
Priority : Normal
Product Name : ZeroCfgSvc Application
Version : 11. 5. 1. 2
Description : ZeroCfgSvc MFC Application
Company : Intel Corporation
Window Title :
File Size : 999,424
File Created Date : 26/02/1429 11:46:16 ص
File Modified Date : 26/02/1429 11:46:16 ص
Filename : C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
Base Address : 0x00400000
Created On : 15/08/1429 08:35:08 م
Visible Windows : 0
Hidden Windows : 5
User Name : SARAH-PC\sarah
Mem Usage : 15240 K
Mem Usage Peak : 15256 K
Page Faults : 21175
Pagefile Usage : 12128 K
Pagefile Peak Usage : 12208 K
File Attributes : A
==================================================

==================================================
Process Name : ifrmewrk.exe
ProcessID : 1184
Priority : Normal
Product Name : Intel(R) PROSet/Wireless
Version : 11. 5. 1. 2
Description : Intel Framework MFC Application
Company : Intel Corporation
Window Title :
File Size : 1,101,824
File Created Date : 26/02/1429 11:41:50 ص
File Modified Date : 26/02/1429 11:41:50 ص
Filename : C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
Base Address : 0x00400000
Created On : 15/08/1429 08:35:10 م
Visible Windows : 0
Hidden Windows : 7
User Name : SARAH-PC\sarah
Mem Usage : 18864 K
Mem Usage Peak : 18884 K
Page Faults : 23181
Pagefile Usage : 17844 K
Pagefile Peak Usage : 17872 K
File Attributes : A
==================================================

==================================================
Process Name : igfxtray.exe
ProcessID : 1472
Priority : Normal
Product Name : Intel(R) Common User Interface
Version : 3.0.0.2285
Description : igfxTray Module
Company : Intel Corporation
Window Title :
File Size : 155,648
File Created Date : 09/07/1429 02:10:58 ص
File Modified Date : 06/08/1424 11:37:36 ص
Filename : C:\WINDOWS\system32\igfxtray.exe
Base Address : 0x00400000
Created On : 15/08/1429 08:35:11 م
Visible Windows : 0
Hidden Windows : 2
User Name : SARAH-PC\sarah
Mem Usage : 4380 K
Mem Usage Peak : 4392 K
Page Faults : 1152
Pagefile Usage : 1676 K
Pagefile Peak Usage : 2368 K
File Attributes : A
==================================================

==================================================
Process Name : hkcmd.exe
ProcessID : 1464
Priority : Normal
Product Name : Intel(R) Common User Interface
Version : 3.0.0.2285
Description : hkcmd Module
Company : Intel Corporation
Window Title :
File Size : 118,784
File Created Date : 09/07/1429 02:10:50 ص
File Modified Date : 06/08/1424 11:19:44 ص
Filename : C:\WINDOWS\system32\hkcmd.exe
Base Address : 0x00400000
Created On : 15/08/1429 08:35:11 م
Visible Windows : 0
Hidden Windows : 18
User Name : SARAH-PC\sarah
Mem Usage : 4152 K
Mem Usage Peak : 4164 K
Page Faults : 1091
Pagefile Usage : 1732 K
Pagefile Peak Usage : 1820 K
File Attributes : A
==================================================

==================================================
Process Name : EPM-DM.exe
ProcessID : 1548
Priority : Normal
Product Name : Acer EPM Device Manager
Version : 2.35
Description : Acer EPM Device Manager
Company : Acer Inc
Window Title :
File Size : 163,840
File Created Date : 11/07/1429 07:54:11 م
File Modified Date : 14/09/1425 05:16:08 م
Filename : C:\Acer\ePM\EPM-DM.exe
Base Address : 0x00400000
Created On : 15/08/1429 08:35:12 م
Visible Windows : 0
Hidden Windows : 2
User Name : SARAH-PC\sarah
Mem Usage : 3632 K
Mem Usage Peak : 3644 K
Page Faults : 986
Pagefile Usage : 2704 K
Pagefile Peak Usage : 2792 K
File Attributes : A
==================================================

==================================================
Process Name : rundll32.exe
ProcessID : 1716
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2105)
Description : Run a DLL as an App
Company : Microsoft Corporation
Window Title :
File Size : 33,280
File Created Date : 08/04/1429 10:42:34 ص
File Modified Date : 08/04/1429 10:42:34 ص
Filename : C:\WINDOWS\system32\rundll32.exe
Base Address : 0x01000000
Created On : 15/08/1429 08:35:13 م
Visible Windows : 0
Hidden Windows : 3
User Name : SARAH-PC\sarah
Mem Usage : 4936 K
Mem Usage Peak : 4976 K
Page Faults : 242673
Pagefile Usage : 4052 K
Pagefile Peak Usage : 4244 K
File Attributes : A
==================================================

==================================================
Process Name : avgnt.exe
ProcessID : 1776
Priority : Normal
Product Name : AntiVir Workstation
Version : 8.00.00.07
Description : Antivirus System Tray Tool
Company : Avira GmbH
Window Title :
File Size : 262,401
File Created Date : 08/08/1429 09:08:53 م
File Modified Date : 05/02/1429 07:06:50 ص
Filename : C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
Base Address : 0x00400000
Created On : 15/08/1429 08:35:14 م
Visible Windows : 0
Hidden Windows : 5
User Name : SARAH-PC\sarah
Mem Usage : 2384 K
Mem Usage Peak : 53988 K
Page Faults : 67730
Pagefile Usage : 2468 K
Pagefile Peak Usage : 624332 K
File Attributes : A
==================================================

==================================================
Process Name : bpk.exe
ProcessID : 2084
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 218,112
File Created Date : 03/08/1428 11:52:19 ص
File Modified Date : 03/08/1428 11:52:19 ص
Filename : C:\WINDOWS\system32\bpk.exe
Base Address : 0x00400000
Created On : 15/08/1429 08:35:15 م
Visible Windows : 0
Hidden Windows : 6
User Name : SARAH-PC\sarah
Mem Usage : 6584 K
Mem Usage Peak : 6584 K
Page Faults : 1752
Pagefile Usage : 2752 K
Pagefile Peak Usage : 2792 K
File Attributes : A
==================================================

==================================================
Process Name : ctfmon.exe
ProcessID : 2164
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2105)
Description : CTF Loader
Company : Microsoft Corporation
Window Title :
File Size : 15,360
File Created Date : 08/04/1429 10:42:18 ص
File Modified Date : 08/04/1429 10:42:18 ص
Filename : C:\WINDOWS\system32\ctfmon.exe
Base Address : 0x00400000
Created On : 15/08/1429 08:35:16 م
Visible Windows : 0
Hidden Windows : 5
User Name : SARAH-PC\sarah
Mem Usage : 13480 K
Mem Usage Peak : 13492 K
Page Faults : 2797255
Pagefile Usage : 11344 K
Pagefile Peak Usage : 11432 K
File Attributes : A
==================================================

==================================================
Process Name : IDMan.exe
ProcessID : 2200
Priority : Normal
Product Name : Internet Download Manager (IDM)
Version : 5.12.11.0
Description : Internet Download Manager (IDM)
Company : Tonec Inc.
Window Title :
File Size : 2,594,224
File Created Date : 07/05/1429 12:56:45 م
File Modified Date : 09/07/1429 07:16:01 ص
Filename : C:\Program Files\Internet Download Manager\IDMan.exe
Base Address : 0x00400000
Created On : 15/08/1429 08:35:17 م
Visible Windows : 0
Hidden Windows : 7
User Name : SARAH-PC\sarah
Mem Usage : 10420 K
Mem Usage Peak : 10428 K
Page Faults : 4074
Pagefile Usage : 16164 K
Pagefile Peak Usage : 16268 K
File Attributes : A
==================================================

==================================================
Process Name : Dot1XCfg.exe
ProcessID : 3036
Priority : Normal
Product Name : Intel PROSet/Wireless
Version : 11. 5. 1. 2
Description : Intel 802.1x Server
Company : Intel Corporation
Window Title :
File Size : 688,128
File Created Date : 26/02/1429 11:37:38 ص
File Modified Date : 26/02/1429 11:37:38 ص
Filename : C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
Base Address : 0x00400000
Created On : 15/08/1429 08:35:31 م
Visible Windows : 0
Hidden Windows : 5
User Name : SARAH-PC\sarah
Mem Usage : 16676 K
Mem Usage Peak : 16688 K
Page Faults : 4409
Pagefile Usage : 14424 K
Pagefile Peak Usage : 14512 K
File Attributes : A
==================================================

==================================================
Process Name : IEMonitor.exe
ProcessID : 2744
Priority : Normal
Product Name : IEMonitor Application
Version : 5, 12, 8, 0
Description : Internet Download Manager agent for click monitoring in IE-based browsers
Company : Tonec Inc.
Window Title :
File Size : 251,312
File Created Date : 07/05/1429 12:56:41 م
File Modified Date : 11/02/1429 01:01:01 م
Filename : C:\Program Files\Internet Download Manager\IEMonitor.exe
Base Address : 0x00400000
Created On : 15/08/1429 08:36:48 م
Visible Windows : 0
Hidden Windows : 3
User Name : SARAH-PC\sarah
Mem Usage : 5552 K
Mem Usage Peak : 5560 K
Page Faults : 1502
Pagefile Usage : 6164 K
Pagefile Peak Usage : 6176 K
File Attributes : A
==================================================

==================================================
Process Name : FIREFOX.EXE
ProcessID : 4036
Priority : Normal
Product Name : Firefox
Version : 1.8.1.16: 2008070205
Description : Firefox
Company : Mozilla Corporation
Window Title : زيزوووم للأمن والحمايه - Powered by vBulletin - Mozilla Firefox
File Size : 7,667,312
File Created Date : 09/07/1429 01:23:06 ص
File Modified Date : 14/07/1429 12:50:18 ص
Filename : C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
Base Address : 0x00400000
Created On : 15/08/1429 08:46:21 م
Visible Windows : 1
Hidden Windows : 14
User Name : SARAH-PC\sarah
Mem Usage : 34916 K
Mem Usage Peak : 36600 K
Page Faults : 13166
Pagefile Usage : 28184 K
Pagefile Peak Usage : 30092 K
File Attributes : A
==================================================

==================================================
Process Name : runn.exe
ProcessID : 3640
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 71,680
File Created Date : 15/08/1429 05:50:03 م
File Modified Date : 23/01/1429 10:24:25 م
Filename : C:\DOCUME~1\sarah\LOCALS~1\Temp\bntoz\runn.exe
Base Address : 0x00400000
Created On : 15/08/1429 08:50:04 م
Visible Windows : 0
Hidden Windows : 0
User Name : SARAH-PC\sarah
Mem Usage : 2124 K
Mem Usage Peak : 2132 K
Page Faults : 640
Pagefile Usage : 800 K
Pagefile Peak Usage : 804 K
File Attributes : A
==================================================

==================================================
Process Name : cmd.exe
ProcessID : 3672
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Windows Command Processor
Company : Microsoft Corporation
Window Title :
File Size : 389,120
File Created Date : 08/04/1429 10:42:16 ص
File Modified Date : 08/04/1429 10:42:16 ص
Filename : C:\WINDOWS\system32\cmd.exe
Base Address : 0x4AD00000
Created On : 15/08/1429 08:50:04 م
Visible Windows : 0
Hidden Windows : 1
User Name : SARAH-PC\sarah
Mem Usage : 2940 K
Mem Usage Peak : 3004 K
Page Faults : 847
Pagefile Usage : 2124 K
Pagefile Peak Usage : 2200 K
File Attributes : A
==================================================

==================================================
Process Name : wmiprvse.exe
ProcessID : 1276
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2108)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 09/07/1429 12:22:33 ص
File Modified Date : 08/04/1429 10:42:42 ص
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 15/08/1429 08:50:06 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 5832 K
Mem Usage Peak : 5832 K
Page Faults : 1489
Pagefile Usage : 6384 K
Pagefile Peak Usage : 6384 K
File Attributes : A
==================================================

==================================================
Process Name : CProcess.exe
ProcessID : 3604
Priority : Normal
Product Name : CurrProcess
Version : 1.11
Description : CurrProcess
Company : NirSoft
Window Title :
File Size : 35,840
File Created Date : 15/08/1429 05:50:03 م
File Modified Date : 08/06/1426 04:46:34 ص
Filename : C:\DOCUME~1\sarah\LOCALS~1\Temp\bntoz\CProcess.exe
Base Address : 0x00400000
Created On : 15/08/1429 08:50:16 م
Visible Windows : 0
Hidden Windows : 0
User Name : SARAH-PC\sarah
Mem Usage : 2208 K
Mem Usage Peak : 2252 K
Page Faults : 1006
Pagefile Usage : 884 K
Pagefile Peak Usage : 1520 K
File Attributes : A
==================================================

.
.
--------------------------\\\ End Report Of Running Processes ---------------
.
.
.
.
--------------------------\\\ Windows XP Startup List ---------------
.

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
autocheck autochk *
Auto Check Utility
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\autochk.exe

HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
rdpclip
rdpclip
RDP Clip Monitor
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\rdpclip.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
Userinit Logon Application
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\userinit.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Explorer.exe
Explorer.exe
Windows Explorer
Microsoft Corporation
6.00.2900.5512
c:\windows\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware
"%ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
AVG Anti-Spyware
GRISOFT s.r.o.
7.05.0001.0043
c:\program files\grisoft\avg anti-spyware 7.5\zyzoom.exe
IntelZeroConfig
"C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
ZeroCfgSvc MFC Application
Intel Corporation
11.05.0001.0002
c:\program files\intel\wireless\bin\zcfgsvc.exe
IntelWireless
"C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
Intel Framework MFC Application
Intel Corporation
11.05.0001.0002
c:\program files\intel\wireless\bin\ifrmewrk.exe
igfxtray
C:\WINDOWS\system32\igfxtray.exe
igfxTray Module
Intel Corporation
3.00.0000.2285
c:\windows\system32\igfxtray.exe
igfxhkcmd
C:\WINDOWS\system32\hkcmd.exe
hkcmd Module
Intel Corporation
3.00.0000.2285
c:\windows\system32\hkcmd.exe
HotKeysCmds
C:\WINDOWS\system32\hkcmd.exe
hkcmd Module
Intel Corporation
3.00.0000.2285
c:\windows\system32\hkcmd.exe
EPM-DM
C:\Acer\ePM\EPM-DM.exe
Acer EPM Device Manager
Acer Inc
0.02.0003.0005
c:\acer\epm\epm-dm.exe
ePowerManagement
C:\Acer\ePM\ePM.exe boot
Acer ePowerManagement
Acer Value Labs, Taiwan
1.00.0005.0002
c:\acer\epm\epm.exe
BluetoothAuthenticationAgent
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
Bluetooth Control Panel Applet
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\bthprops.cpl
avgnt
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
Antivirus System Tray Tool
Avira GmbH
8.00.0000.0007
c:\program files\avira\antivir personaledition classic\avgnt.exe
bpk
C:\WINDOWS\system32\bpk.exe
c:\windows\system32\bpk.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE
C:\WINDOWS\system32\ctfmon.exe
CTF Loader
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\ctfmon.exe
IDMan
C:\Program Files\Internet Download Manager\IDMan.exe /onboot
Internet Download Manager (IDM)
Tonec Inc.
5.12.0011.0000
c:\program files\internet download manager\idman.exe

Task Scheduler
AppleSoftwareUpdate.job
C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task
Apple Software Update
Apple Inc.
2.01.0000.0110
c:\program files\apple software update\softwareupdate.exe
XoftSpySE 2.job
C:\Program Files\BrOnZ Patch Pro\XoftSpySE\XoftSpy.exe ShowReminders
Xoftspy
ParetoLogic
4.33.5259.0001
c:\program files\bronz patch pro\xoftspyse\xoftspy.exe
.
.
----------- End Report ---------------
 

And this is the report from the tool SmitFraudFix v2.337:
SmitFraudFix v2.337

Scan done at 20:58:24.39, Sun 08/17/2008
Run from C:\Documents and Settings\sarah\êéهں¢ï\Downloads\Programs\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 2200BG Network Connection
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0E898A53-E9FC-4C64-B5BE-229C349B0795}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0E898A53-E9FC-4C64-B5BE-229C349B0795}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0E898A53-E9FC-4C64-B5BE-229C349B0795}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
 
Your report is garbled, my friend..

Download the program from here

Double-click the program's icon
zyzoom-23bb41891e.gif

In a few seconds a report will appear; copy it and attach it to your next reply
 
Signature: Knight Lord
Thank you, dear brother, for following up. Here is the report again, produced with the downloaded tool:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:13:08 م, on 17/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP3 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Acer\ePM\EPM-DM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\bpk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\sarah\Local Settings\Temp\wz8ea9\HijackThis.exe
C:\DOCUME~1\sarah\LOCALS~1\Temp\RarSFX0\2.exe
C:\DOCUME~1\sarah\LOCALS~1\Temp\RarSFX0\1.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "%ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [bpk] C:\WINDOWS\system32\bpk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Update Center (Windows Update Center) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)

--
End of file - 7309 bytes
 
Delete these:
C:\WINDOWS\system32\bpk.exe

C:\DOCUME~1\sarah\LOCALS~1\Temp\RarSFX0\2.exe

C:\DOCUME~1\sarah\LOCALS~1\Temp\RarSFX0\1.exe

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O23 - Service: Update Center (Windows Update Center) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)

How to delete:

zyzoom-370b235360.gif

This window appears; click Yes
zyzoom-50c99df729.gif

ــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــ

System cleaning tool
Download this tool to clean the system

zyzoom-3c0e283670.gif

Then go to Add/Remove Programs and delete the toolbar, though you may not have it

Also, my friend, there is a problem with your protection program, Avira; uninstall it and reinstall it,
and turn on the Windows firewall
 
Signature: Knight Lord
Dear brother, greetings, and many thanks for your effort with me.
I deleted everything mentioned above and reinstalled Avira,
but the two files
C:\DOCUME~1\sarah\LOCALS~1\Temp\RarSFX0\2.exe

C:\DOCUME~1\sarah\LOCALS~1\Temp\RarSFX0\1.exe
were not in the list, so I deleted them manually from Temp.
Here is the report after the fixes; do you see anything new?
Thank you for your efforts, dear brother. Regards.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:02 م, on 17/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP3 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Acer\ePM\EPM-DM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\sarah\Desktop\Registry_Repair_Wizard_2008.exe
C:\Documents and Settings\sarah\Application Data\Thinstall\Registry Repair Wizard\40000016d00002i\RCHelper.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe
C:\DOCUME~1\sarah\LOCALS~1\Temp\RarSFX0\1.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "%ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Update Center (Windows Update Center) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)

--
End of file - 7246 bytes
 
A small but important addition

Go to Start, then Run, type the command msconfig, then click OK. A window will appear; choose Startup and disable all the programs by unchecking them, except your security programs


After that, do the following
start
run
cleanmgr /sageset
Select all the boxes and click OK
After that
cleanmgr /sagerun
and clean all the partitions
This should speed up and improve the machine's performance a little
 
Signature: dollar989
My friend, delete these:
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')

O23 - Service: Update Center (Windows Update Center) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)

Delete them, my friend
zyzoom-370b235360.gif

This window appears; click Yes
zyzoom-50c99df729.gif


Then, same thing: the protection on your machine is broken. I advise you to install the latest version of Kaspersky and turn on the Windows firewall

If you want to remove Avira, here is a thread about the latest version of Kaspersky

I recommend it

once you have removed Avira


Download the following tool

Download link

boarder.gif


How to use
Double-click the file Dial-a-fix.exe with the mouse; the main screen will then appear
Select all the options, then click GO
zyzoom-d9f78ffea6.png

Wait until the tool finishes its work
and tell us the result
 
Signature: Knight Lord
In addition to what the others have said, remove these entries:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll

Download this tool to clean the system

Then download this tool and follow the instructions below


Compatibility: Windows XP only


Usage instructions
When you run the tool's file, this screen appears; wait (and follow along with the images)

000.png


001.png


When this screen appears, click Close so that your computer restarts (to complete the cleaning process)

002.png


 
Download the following tool

Download link

boarder.gif


How to use
Double-click the file Dial-a-fix.exe with the mouse; the main screen will then appear
Select all the options, then click GO
zyzoom-d9f78ffea6.png

Wait until the tool finishes its work

and tell us the result
[/quote]

Dear brother, I did that; I changed the antivirus and turned on the firewall.
The previous tool works, and its notes show files that are either missing or corrupt (broken), and most of those files
are in Explorer. I removed Explorer and reinstalled it, then ran the Explorer check-and-repair tool,
and then ran this tool again, and it still gives the same information about some files being missing.
Of course, I cannot post the names of the missing files because they appear in a result box that I cannot copy and paste from.
Here is the latest HijackThis report after deleting the entries that you and the brother who posted before me pointed out. Please have a look and advise me as you see fit. The machine is still heavy and slow after all the previous improvements; I notice a somewhat slight improvement.
My regards and thanks to everyone who contributed to this thread with opinions or additions.
Best wishes.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:11:31 ص, on 18/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP3 (7.00.6000.20733)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\ePM\EPM-DM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\DOCUME~1\sarah\LOCALS~1\Temp\RarSFX0\1.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "%ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\sarah\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\sarah\Application Data\CyberScrub\Privacy Suite"
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Update Center (Windows Update Center) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
--
End of file - 6947 bytes
 
Check the following entry:
O23 - Service: Update Center (Windows Update Center) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)

Disable your protection programs.
Download this tool and save it to the desktop.

When you run it, a message will appear; click >> Yes
After that a second message will appear; click >> Yes
Wait until the tool finishes scanning your machine; your machine will then restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.
--------------------------------------------
( 2 )
And make a HijackThis report.
 
Thank you, brother Kong, for following up.
This is the tool's report:
ComboFix 08-08-17.03 - sarah 08/18/2008 2:09:05.1 - NTFSx86
Running from: C:\Documents and Settings\sarah\ملفاتي\Downloads\Programs\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\sarah\Application Data\inst.exe
C:\Documents and Settings\sarah\êéهں¢ï\Unzipped\éê«، ¥ \éê«، ¥ \Desktop_.ini
C:\Documents and Settings\sarah\êéهں¢ï\Unzipped\éê«، ¥ \éê«، ¥ \Folder Settings\Desktop_.ini
C:\WINDOWS\system32\bpk.exe
C:\WINDOWS\system32\inst.dat
C:\WINDOWS\system32\pk.bin
C:\WINDOWS\system32\Ultra.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-17 to 2008-08-17 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-17 23:21 311,328 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-17 23:21 2,144 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-17 23:21 --------- d-----w C:\Documents and Settings\sarah\Application Data\DMCache
2008-08-17 23:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-17 23:20 11,704 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-17 23:20 1,225,760 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-17 23:19 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-17 22:51 --------- d-----w C:\Documents and Settings\sarah\Application Data\uTorrent
2008-08-17 22:35 --------- d-----w C:\Program Files\Bug Doctor
2008-08-17 22:03 --------- d-----w C:\Documents and Settings\sarah\Application Data\cleaner
2008-08-17 21:00 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-17 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-08-17 20:26 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-08-17 20:24 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-17 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-17 17:58 3,210 ----a-w C:\WINDOWS\system32\tmp.reg
2008-08-17 16:45 --------- d-----w C:\Documents and Settings\sarah\Application Data\Nero
2008-08-17 16:43 --------- d-----w C:\Program Files\Nero
2008-08-17 16:43 --------- d-----w C:\Program Files\Common Files\Nero
2008-08-17 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-08-16 21:19 --------- d-----w C:\Documents and Settings\sarah\Application Data\TuneUp Software
2008-08-16 15:46 --------- d-----w C:\Documents and Settings\sarah\Application Data\IDM
2008-08-15 18:52 --------- d-----w C:\Program Files\Webteh
2008-08-15 18:48 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-08-15 18:46 --------- d-----w C:\Program Files\Total Video Converter
2008-08-15 18:45 --------- d-----w C:\Program Files\SubSync
2008-08-15 16:21 --------- d-----w C:\Program Files\AviDvdBurner
2008-08-15 16:11 --------- d-----w C:\Program Files\Aimersoft
2008-08-14 22:51 --------- d-----w C:\Documents and Settings\sarah\Application Data\iolo
2008-08-14 22:44 --------- d-----w C:\Documents and Settings\sarah\Application Data\Thinstall
2008-08-14 22:01 153,600 ----a-w C:\WINDOWS\system32\TLBINF32.DLL
2008-08-14 18:18 --------- d-----w C:\Documents and Settings\sarah\Application Data\Vso
2008-08-14 17:52 --------- d-----w C:\Program Files\Cucusoft
2008-08-14 17:47 --------- d-----w C:\Program Files\AC3Filter
2008-08-14 17:46 --------- d-----w C:\Program Files\AviSynth 2.5
2008-08-14 16:36 --------- d-----w C:\Program Files\Xilisoft
2008-08-13 13:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-12 16:33 --------- d-----w C:\Program Files\HistoryKill 2008
2008-08-12 15:55 --------- d-----w C:\Program Files\Uniblue
2008-08-12 15:55 --------- d-----w C:\Documents and Settings\sarah\Application Data\Uniblue
2008-08-11 17:59 --------- d-----w C:\Documents and Settings\sarah\Application Data\DivX
2008-08-11 14:21 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-11 14:03 --------- d-----w C:\Program Files\TimeAdjuster
2008-08-11 13:54 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-08-11 13:54 249,856 ------w C:\WINDOWS\Setup1.exe
2008-08-10 21:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-10 21:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-08-10 21:31 --------- d-----w C:\Program Files\Smart Projects
2008-08-10 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-10 21:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-10 20:28 --------- d-----w C:\Program Files\Ashampoo
2008-08-10 12:41 --------- d-----w C:\Program Files\Alcohol Soft
2008-08-09 14:15 --------- d-----w C:\Program Files\Minefield
2008-08-07 15:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-05 02:14 --------- d-----w C:\Program Files\Microsoft Works
2008-08-05 02:13 --------- d-----w C:\Program Files\MSBuild
2008-08-05 02:09 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-04 18:33 --------- d-----w C:\Program Files\PFConfig
2008-08-04 11:29 --------- d-----w C:\Documents and Settings\sarah\Application Data\dvdcss
2008-08-03 21:15 --------- d-----w C:\Program Files\RamCleaner
2008-08-02 12:32 --------- d-----w C:\Program Files\InterActual
2008-08-02 12:23 --------- d-----w C:\Documents and Settings\sarah\Application Data\CyberScrub
2008-08-02 08:37 --------- d-----w C:\Program Files\Sun
2008-08-02 08:35 --------- d-----w C:\Program Files\Java
2008-07-31 23:09 --------- d-----w C:\Documents and Settings\sarah\Application Data\FairStars Audio Converter
2008-07-31 23:07 --------- d-----w C:\Program Files\FairStars Audio Converter
2008-07-31 22:39 --------- d-----w C:\Program Files\Realtek AC97
2008-07-29 17:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
2008-07-29 17:20 24,774 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-07-27 20:32 --------- d-----w C:\Program Files\Resource Hacker 3.4.0
2008-07-27 20:32 --------- d-----w C:\Program Files\AutoGK
2008-07-27 20:31 --------- d-----w C:\Program Files\Internet Download Manager
2008-07-25 21:29 --------- d-----w C:\Documents and Settings\sarah\Application Data\Hide IP NG
2008-07-23 12:31 43,602 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe
2008-07-23 11:46 --------- d-----w C:\Documents and Settings\sarah\Application Data\Apple Computer
2008-07-22 21:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-07-22 18:24 --------- d-----w C:\Documents and Settings\sarah\Application Data\AVI ReComp
2008-07-22 17:54 --------- d-----w C:\Program Files\JetAudio
2008-07-22 17:36 --------- d-----w C:\Program Files\Common Files\COWON
2008-07-22 16:29 --------- d-----w C:\Documents and Settings\sarah\Application Data\COWON
2008-07-21 15:46 --------- d-----w C:\Program Files\Easy Video Converter
2008-07-21 15:34 121,872 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-21 14:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2008-07-18 10:28 --------- d-----w C:\Program Files\RegistryBooster 2
2008-07-18 10:14 --------- d-----w C:\Program Files\BrOnZ Patch Pro
2008-07-18 06:12 --------- d-----w C:\Program Files\BT Engine
2008-07-17 21:01 --------- d-----w C:\Program Files\URUSoft
2008-07-17 19:54 --------- d-----w C:\Program Files\iTunes
2008-07-17 19:53 --------- d-----w C:\Program Files\iPod
2008-07-17 19:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-17 19:51 --------- d-----w C:\Program Files\Common Files\Apple
2008-07-17 19:24 --------- d-----w C:\Program Files\Safari
2008-07-17 19:12 --------- d-----w C:\Program Files\QuickTime
2008-07-16 09:23 --------- d-----w C:\Program Files\Apple Software Update
2008-07-16 09:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-07-15 04:03 --------- d-----w C:\Program Files\PowerISO
2008-07-15 03:56 --------- d-----w C:\Program Files\UltraISO
2008-07-15 03:55 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-07-15 03:51 --------- d-----w C:\Documents and Settings\sarah\Application Data\DAEMON Tools
2008-07-14 19:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
.
------- Sigcheck -------
04/23/2008 08:34 AM 2350208 af263738fad02e11d21f2c8f18054c80 C:\WINDOWS\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 01:42 PM 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/12/2008 10:16 AM 2594224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" [11/03/2007 04:50 AM 6731312]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [03/04/2008 02:46 PM 999424]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [03/04/2008 02:41 PM 1101824]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/02/2003 02:37 PM 155648]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/02/2003 02:19 PM 118784]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/02/2003 02:19 PM 118784]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [11/02/2004 09:43 PM 2884096]
"EPM-DM"="C:\Acer\ePM\EPM-DM.exe" [10/27/2004 08:16 PM 163840]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [07/29/2008 08:20 PM 206088]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/14/2008 01:42 PM 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 01:42 PM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 10/27/2006 12:47 AM 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 07/12/2008 10:16 AM 2594224 C:\Program Files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 07/12/2008 07:07 AM 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AGRSMMSG"=AGRSMMSG.exe
"SoundMan"=SOUNDMAN.EXE
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [07/19/2004 01:10 PM]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [09/02/2004 05:27 PM]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [06/01/2004 11:50 AM]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/30/2008 06:06 PM]
S2 Windows Update Center;Update Center;C:\WINDOWS\scvhost.exe []
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [06/26/2008 09:13 AM]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [07/12/2008 07:21 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contents of the 'Scheduled Tasks' folder
2008-08-14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [04/11/2008 05:57 PM]
2008-08-17 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Program Files\BrOnZ Patch Pro\XoftSpySE\XoftSpy.exe [07/13/2007 02:44 PM]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\sarah\Application Data\Mozilla\Firefox\Profiles\1k60jti6.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll
FF -: plugin - C:\Program Files\Minefield\plugins\npnul32.dll
FF -: plugin - C:\Program Files\Minefield\plugins\NPOFF12.DLL
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-08-18 02:21:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 08/18/2008 2:24:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-17 23:24:32
Pre-Run: 29,453,885,440 bytes free
Post-Run: 29,354,147,840 bytes free
234 --- E O F --- 2008-08-13 13:57:07
=====================================
And this is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:31:41 ص, on 18/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP3 (7.00.6000.20733)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Acer\ePM\EPM-DM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\DOCUME~1\sarah\LOCALS~1\Temp\RarSFX0\1.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "%ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Update Center (Windows Update Center) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
--
End of file - 6861 bytes
 
How are things on your end, my friend?
 
Signature: Knight Lord
Hello brother Knight Lord, the situation is as it was, no change: freezing and slowness with no noticeable improvement. It seems to me that the last remedy is cauterization (a format),
but I will postpone it until the weekend, because I need the machine and need to transfer my data, unless it improves!
Thank you for your help and follow-up.
Best wishes from your brother.
 
My friend, start with the basics..

The machine's speed.. the RAM.. etc..

The programs you have installed, if there are many of them.. they will weigh the machine down... As for protection, how many programs do you have..
 
Signature: Knight Lord
Brother, this entry is still present:

O23 - Service: Update Center (Windows Update Center) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)

Dear brother, your problem, if I am not mistaken, is with the Windows updates and the temporary files.

As for this file, follow its path and delete it:
C:\DOCUME~1\sarah\LOCALS~1\Temp\RarSFX0\1.exe

Try deleting all the updates on your machine and make another report.
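The checks the replies in this thread apply by eye to the HijackThis log, written out as an added example (not part of the original thread and not HijackThis code): it flags O23 services reported as "file missing" or "Unknown owner", running processes launched from a Temp directory, and executable names that differ from a Windows system binary by a single edit or swapped pair of letters. The sample lines are copied from the logs above; the list of system binary names, the reason labels and the function names are assumptions made for the illustration.

```python
import ntpath
import re

# Constructed sample: a few lines copied from the HijackThis reports in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\sarah\LOCALS~1\Temp\RarSFX0\1.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Update Center (Windows Update Center) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
"""

# Assumption: a short illustrative list of system binaries whose names get imitated.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                   "explorer.exe", "csrss.exe", "smss.exe", "spoolsv.exe"}

# "O23 - Service: <name> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+) - (?P<owner>.+?) - "
                    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.I)  # a bare path in the process list
TEMP_RE = re.compile(r"\\te?mp\\", re.I)                # any \Temp\ or \Tmp\ path segment


def osa_distance(a, b):
    """Edit distance that also counts a swap of two adjacent letters as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def lookalike_of(path):
    """Return the system binary this file name imitates, or None."""
    name = ntpath.basename(path).lower()
    if name in SYSTEM_BINARIES:
        return None  # the exact name is not a lookalike
    for real in sorted(SYSTEM_BINARIES):
        if osa_distance(name, real) == 1:
            return real
    return None


def triage(log_text):
    """Return (reason, path) pairs worth a closer look; a hit is a lead, not a verdict."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O23_RE.match(line)
        if m:
            path = m.group("path")
            if m.group("missing"):
                findings.append(("service-file-missing", path))
            if m.group("owner").lower() == "unknown owner":
                findings.append(("service-unknown-owner", path))
        elif PROCESS_RE.match(line):
            path = line
        else:
            continue  # other sections (R0, O2, O4, ...) are out of scope here
        if TEMP_RE.search(path):
            findings.append(("runs-from-temp", path))
        imitated = lookalike_of(path)
        if imitated:
            findings.append(("lookalike-of-" + imitated, path))
    return findings


if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG):
        print(f"{reason:28} {path}")
```

On the sample it reports the two items singled out in the replies: the `Update Center` service pointing at `C:\WINDOWS\scvhost.exe` and the process running from `Temp\RarSFX0`.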
 