[تقرير]: تقرير هايجك من جهاز احد الاقارب

[mr.3bode]

بسم الله الرحمن الرحيم

السلام عليكم ورحمة الله وبركاته

اتمنى رؤوية هذا التقرير:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:27:42 م, on 07/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [stupid creative poll axis] C:\Documents and Settings\All Users\Application Data\Memo save stupid creative\move bags.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IntraMode] C:\DOCUME~1\5C0F~1\APPLIC~1\MOREUP~1\Active bin the.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: ANB Direct -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {630F2610-7654-11D1-83E3-0080C71A8794} (ANB Direct) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe (file missing)
--
End of file - 5578 bytes
​

هل يوجد قيم مصابة او مواد ضارة ؟​

 

[mr.3bode]

بشّر ؟؟؟؟

 

[dяăģôŋ]

هذى خيارات التعامل مع الاصابات

Disinfect و Delete و skip
تطهير وحذف وتجاهل

​

لو عاد الامر لى اختار Delete​

 

[mr.3bode]

ذا تقرير كومبوفيكس:

ComboFix 08-12-06.06 - محمد 12/08/2008 2:09:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.1176 [GMT 3:00]
Running from: c:\documents and settings\محمد\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\محمد\Application Data\FunWebProducts
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\0036D5E7.urr
c:\program files\FunWebProducts\Shared\00133C51.dat
c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\3.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\3.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\3.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\3.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\3.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\0008B157
c:\program files\MyWebSearch\bar\Cache\00125B95.rcgWQ
c:\program files\MyWebSearch\bar\Cache\001274AB.bin
c:\program files\MyWebSearch\bar\Cache\00127661.bin
c:\program files\MyWebSearch\bar\Cache\0012774B.bin
c:\program files\MyWebSearch\bar\Cache\00127845.bin
c:\program files\MyWebSearch\bar\Cache\001DDE3D.bin
c:\program files\MyWebSearch\bar\Cache\001DE021.bin
c:\program files\MyWebSearch\bar\Cache\001DE13B.bin
c:\program files\MyWebSearch\bar\Cache\001DE2F0.bin
c:\program files\MyWebSearch\bar\Cache\001DE532.bin
c:\program files\MyWebSearch\bar\Cache\001DE7E2
c:\program files\MyWebSearch\bar\Cache\0026CD98.bin
c:\program files\MyWebSearch\bar\Cache\0026D2B8.bin
c:\program files\MyWebSearch\bar\Cache\0026D50A.bin
c:\program files\MyWebSearch\bar\Cache\00373EB3
c:\program files\MyWebSearch\bar\Cache\0059C5FE
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NVMINI
-------\Legacy_SERVICEM​

((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 23:15 3,547,168 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-07 23:14 --------- d-----w c:\documents and settings\محمد\Application Data\DMCache
2008-12-07 23:12 38,612 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-07 23:00 --------- d-----w c:\documents and settings\All Users\Application Data\Memo save stupid creative
2008-12-07 19:23 --------- d-----w c:\documents and settings\محمد\Application Data\U3
2008-12-07 18:39 --------- d-----w c:\documents and settings\محمد\Application Data\Avira
2008-12-07 18:32 --------- d-----w c:\program files\CyberScrub Privacy Suite
2008-12-07 18:32 --------- d-----w c:\documents and settings\محمد\Application Data\CyberScrub
2008-12-07 18:21 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-07 18:21 --------- d-----w c:\program files\Java
2008-12-07 18:05 1,706 ----a-w c:\windows\system32\tmp.reg
2008-12-07 17:56 --------- d-----w c:\program files\Avira
2008-12-07 17:56 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2008-12-07 17:27 --------- d-----w c:\program files\Trend Micro
2008-12-07 17:09 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-07 17:05 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2008-12-07 16:56 --------- d-----w c:\program files\Your Uninstaller 2008
2008-12-07 16:55 --------- d-----w c:\program files\Internet Download Manager
2008-12-07 16:54 --------- d-----w c:\documents and settings\محمد\Application Data\URSoft
2008-12-07 16:39 --------- d-----w c:\program files\Yahoo!
2008-12-06 21:27 --------- d-----w c:\documents and settings\محمد\Application Data\IDM
2008-12-06 09:24 --------- d-----w c:\documents and settings\بدر\Application Data\U3
2008-11-29 14:11 --------- d-----w c:\program files\AVG
2008-11-26 07:42 --------- d-----w c:\documents and settings\محمد\Application Data\moreuploadbeep
2008-11-26 07:41 --------- d-----w c:\program files\moreuploadbeep
2008-11-16 16:00 --------- d-----w c:\documents and settings\بدر\Application Data\Windows Live Writer
2008-11-12 11:48 --------- d-----w c:\program files\CCleaner
2008-11-12 10:16 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 13:55 --------- d-----w c:\program files\Common Files\Adobe
2008-11-04 18:50 --------- d-----w c:\program files\Windows Live
2008-11-04 18:46 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-11-04 18:44 --------- d-----w c:\program files\Microsoft
2008-11-04 17:38 --------- d-----w c:\program files\Common Files\Windows Live
2008-11-04 11:18 --------- d-----w c:\documents and settings\محمد\Application Data\GlobalSCAPE
2008-10-27 16:05 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2008-10-26 12:10 --------- d-----w c:\program files\CONEXANT
2008-10-25 12:52 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-10-25 12:04 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-24 17:36 --------- d-----w c:\program files\MSN Messenger
2008-10-24 13:14 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-12 10:44 206,256 ----a-w c:\windows\system32\idmmbc.dll
2008-09-08 21:03 51,712 ----a-w c:\windows\system32\sirenacm.dll
2005-03-18 12:51 9,312 ----a-w c:\windows\inf\SLBMGP98.DLL
2005-03-01 11:43 28,160 ----a-r c:\windows\inf\slbmgpg.dll
2005-03-01 11:43 15,360 ----a-r c:\windows\inf\egdrvcoins.dll
2005-03-01 11:43 13,312 ----a-r c:\windows\inf\egate.sys
2005-03-01 11:43 11,264 ----a-r c:\windows\inf\egatebus.sys
2005-03-01 11:43 10,752 ----a-r c:\windows\inf\egaterdr.sys
2003-06-11 23:05 20,480 ----a-w c:\windows\inf\wdmstub.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [12/07/2008 07:50 PM 2741680]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [12/01/2008 06:33 PM 1406192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [04/01/2008 04:39 PM 185896]
"avgnt"="c:\program files\Avira\Avira Premium Security Suite\avgnt.exe" [06/12/2008 01:28 PM 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [12/07/2008 09:21 PM 136600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
«©م، ¢¬نïé Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 08/04/2004 12:56 AM 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 10/13/2004 07:24 PM 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 04/20/2006 02:17 AM 421888 c:\program files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Privacy Suite RiskMonitor]
--a------ 07/29/2008 11:37 AM 45192 c:\program files\CyberScrub Privacy Suite\Launch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Privacy Suite Scheduler]
--a------ 07/29/2008 11:37 AM 45192 c:\program files\CyberScrub Privacy Suite\Launch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 11/02/2004 08:24 PM 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rscmpt]
-ra------ 08/24/2002 08:48 PM 481792 c:\windows\system32\Rscmpt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 04/01/2008 04:39 PM 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17324:TCP"= 17324:TCP:BitComet 17324 TCP
"17324:UDP"= 17324:UDP:BitComet 17324 UDP
R1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2008-12-07 71592]
R1 is-J6F06drv;is-J6F06drv;c:\windows\system32\DRIVERS\09663961.sys [2008-12-07 23:44:40 148496]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;"c:\program files\Avira\Avira Premium Security Suite\avfwsvc.exe" [2008-12-07 344321]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;"c:\program files\Avira\Avira Premium Security Suite\avmailc.exe" [2008-12-07 164097]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;"c:\program files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE" [2008-12-07 258305]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;"c:\program files\Avira\Avira Premium Security Suite\avesvc.exe" [2008-12-07 41217]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2008-12-07 71464]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda23306-bd56-11dd-a5b0-000e2eb14241}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
.
s of the 'Scheduled Tasks' folder
2008-12-07 c:\windows\Tasks\ACAC200E918FD292.job
- c:\docume~1\5c0f~1\applic~1\moreup~1\Inside nurb hope.exe [12/07/2008 11:55 PM]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-IntraMode - c:\docume~1\5C0F~1\APPLIC~1\MOREUP~1\Active bin the.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
MSConfigStartUp-NeroCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-Rg Security ! - c:\program files\Rg Security v6.7.481
MSConfigStartUp-stupid creative poll axis - c:\documents and settings\All Users\Application Data\Memo save stupid creative\Gpl Log.exe​

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\windows\system32\imon.dll
LSP: avsda.dll
O16 -: ANB Direct - hxxp://www.anb.com.sa/onlinebanking/classes.cab
c:\windows\Downloaded Program Files\ANB Direct.osd
O16 -: Microsoft XML Parser for Java - c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
-

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 -: {630F2610-7654-11D1-83E3-0080C71A8794} - hxxp://www.anb.com.sa/arabic/onlinebanking/anb.cab
c:\windows\Downloaded Program Files\install-retail.inf
FireFox -: Profile - c:\documents and settings\محمد\Application Data\Mozilla\Firefox\Profiles\a1vb57go.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.sa/
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-12-08 02:13:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(816)
c:\windows\system32\imon.dll
c:\windows\system32\avsda.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\Avira Premium Security Suite\sched.exe
c:\program files\Avira\Avira Premium Security Suite\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 12/08/2008 2:16:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-07 23:16:37
Pre-Run: 10,782,699,520 bytes free
Post-Run: 10,837,434,368 bytes free
245 --- E O F --- 2008-10-25 18:54:45​

--------------------------------------------------------------------------------------------​

وهذا تقرير الهايجك:​

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:32:21, on 08/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ANB Direct -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {630F2610-7654-11D1-83E3-0080C71A8794} (ANB Direct) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe (file missing)
--
End of file - 6942 bytes​

 

[dяăģôŋ]

الاصابات الى مسحتها الاداة كثيره

احذف القيم التاليه وبلغنا كيف وضع الجهاز بعد الريستارت

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search


O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O16 - DPF: ANB Direct -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {630F2610-7654-11D1-83E3-0080C71A8794} (ANB Direct) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

 

[mr.3bode]

تم المسح

لكني اعاني من مشكلة في بطئ ايقاف التشغيل وبدء التشغيل وعند الدخول على حساب >> يعني عندما اضع كلمة المرور يقول لي جاري تحميل الاعدادات الشخصية ويطووول بعدين يفتح الجهاز عادي

 

[dяăģôŋ]

تم المسح

لكني اعاني من مشكلة في بطئ ايقاف التشغيل وبدء التشغيل وعند الدخول على حساب >> يعني عندما اضع كلمة المرور يقول لي جاري تحميل الاعدادات الشخصية ويطووول بعدين يفتح الجهاز عادي

كم وقت ياخذ بالحالتين

 

[mr.3bode]

من دقيقة الى دقيقتين في كل حالة

 

[dяăģôŋ]

دقيقتين واجد
طيب جرب الطريقتين التاليه


1

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

......................................................


2
​

من ابدأ ختر run واكتب الامر التالي

msconfig

ثم اوكي

ستظهر شاشة التطبيق

system configuration utility ​

اعمل كما يلي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

​

ثم وافق على اعادة التغشيل​

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

​

 

[mr.3bode]

طيب عندي مشكلة ايقاف التشغيل ..!

 

[dяăģôŋ]

طيب عندي مشكلة ايقاف التشغيل ..!

ايه المشكله بالايقاف

 

[mr.3bode]

بطيييء جدا جداً يقعد دقيقة او دقيقة ونص عشان يطفى الجهاز ..!

 

[mr.3bode]

بطيييء جدا جداً يقعد دقيقة او دقيقة ونص عشان يطفى الجهاز ..!

اريد حل لمشكلة ايقاف التشغيل البطيء

 

[mr.3bode]

Up

 

[dяăģôŋ]

بطيييء جدا جداً يقعد دقيقة او دقيقة ونص عشان يطفى الجهاز ..!

اذا الحلول السابقه مانفعت مااعتق انه هناك حلول اخرى
انتظر ردالاخوان الاعضاء يمكن احد عنه فكره جديده
ولو مضايقك الموضوع مره ولالقيت حلول
اعمل اصلاح للوندو

بالتوفيق اخوى

 

[mr.3bode]

ياليت الاقي حلووول ارجوك ابحث لي عن حل في الانترنت او في المنتدى ..!

 

[dяăģôŋ]

ياليت الاقي حلووول ارجوك ابحث لي عن حل في الانترنت او في المنتدى ..!

ودى اساعدك اخوى لاكن الى عندى عطيتك اياه
وذا جد جديد ابشر ماراح ابخل عليك بشئ
والشباب كذلك

 

[mr.3bode]

يلا يا اخوان ابي مسااعدهـ منكم يا النشاما