مسيو2001

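Peace be upon you, and the mercy and blessings of God.
Dear brothers, I have noticed this problem a lot, namely the message:

Cannot copy file: Data error (cyclic redundancy check). [original message: لا يمكن نسخ الملف: خطأ في البيانات (تدقيق دوري للفائض).]

Cannot move file: Data error (cyclic redundancy check). [original message: لا يمكن نقل الملف: خطأ في البيانات (تدقيق دوري للفائض).]

I think most of the brothers have not figured out how to solve it, and I think formatting is not the solution to every problem.

In plain words, it is hard to go straight to a format every time a problem comes up. Anyway, I won't keep you long; these are my machine's specifications: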

TaG89367.jpg


IXZ89367.jpg


til89367.jpg


Also, before posting the problem I searched on Google and in some forums:

N4T89367.jpg


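All of the solutions were ineffective, and I noticed that many people complain of the same problem. I hope one of the brothers can find us a solution; God willing he will be rewarded for his work and will have a prayer said for him in his absence.

May you remain in the Lord's care.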
 

Welcome, dear friend.

Disable all protection programs,
then download this tool and save it to the desktop.

When you run it a message will appear; click >> Yes
Then a second message will appear; click >> Yes

Wait until the tool finishes scanning your machine; your machine will restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.
 
Peace be upon you.
My dear brother Max, many thanks to you, and sorry for my delay in replying.
After I downloaded the file, disabled the protection on my machine and did as you said, after the restart, when Windows boots, a blue screen appears and the machine restarts automatically. I formatted the machine and it is now working well. Many thanks to you.
With all respect
 
Download this tool and save it to the desktop.

When you run it a message will appear; click >> Yes
Then a second message will appear; click >> Yes

Wait until the tool finishes scanning your machine; your machine will restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.

All windows must be completely closed.
Do not touch the mouse at all while the tool is in use.
--------------------------------------------

( 2 )

And generate a HijackThis report.

When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments a report will appear; copy it and paste it in your next reply.
 
Sorry for repeating the topic, and many thanks for responding to it. As for the report:
ComboFix 08-09-14.01 - winxp 09/15/2008 3:30:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.1533 [GMT 3:00]
Running from: C:\Documents and Settings\winxp\سطح المكتب\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\_000110_.tmp.dll
C:\WINDOWS\system32\_000111_.tmp.dll
C:\WINDOWS\system32\AutoRun.inf

----- BITS: Possible infected sites -----

.
((((((((((((((((((((((((( Files Created from 2008-08-15 to 2008-09-15 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 00:31 --------- d-----w C:\Documents and Settings\winxp\Application Data\DMCache
2008-09-15 00:28 --------- d-----w C:\Documents and Settings\winxp\Application Data\TeraCopy
2008-09-14 19:45 --------- d-----w C:\Documents and Settings\winxp\Application Data\Ulead Systems
2008-09-14 08:52 --------- d-----w C:\Program Files\Notepad++
2008-09-14 08:52 --------- d-----w C:\Documents and Settings\winxp\Application Data\Notepad++
2008-09-14 08:47 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-09-14 08:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-14 08:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-14 08:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-14 08:44 --------- d-----w C:\Program Files\Theorica Divx ;-) Codecs
2008-09-14 08:44 --------- d-----w C:\Program Files\Resource Hacker
2008-09-14 08:43 680,960 ----a-w C:\WINDOWS\isRS-000.tmp
2008-09-14 08:43 --------- d-----w C:\Program Files\ClickPic
2008-09-14 08:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-09-14 08:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-14 08:37 --------- d-----w C:\Program Files\Windows Media Components
2008-09-14 08:37 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-09-14 08:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-14 08:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\InterVideo
2008-09-14 08:36 --------- d-----w C:\Program Files\Corel
2008-09-14 08:33 --------- d-----w C:\Program Files\XnView
2008-09-14 08:17 --------- d-----w C:\Program Files\MyPlayCity.com
2008-09-14 08:00 --------- d-----w C:\Documents and Settings\winxp\Application Data\USBSafelyRemove
2008-09-14 07:59 --------- d-----w C:\Program Files\USB Safely Remove
2008-09-14 07:58 --------- d-----w C:\Program Files\Unlocker
2008-09-14 07:36 --------- d-----w C:\Program Files\TeraCopy
2008-09-14 07:35 --------- d-----w C:\Program Files\BurstCopy
2008-09-14 07:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\BurstCopy Labs
2008-09-14 07:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-09-14 06:54 --------- d-----w C:\Program Files\Eraser
2008-09-14 06:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-14 06:26 --------- d-----w C:\Program Files\Microsoft Works
2008-09-14 06:25 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-14 04:08 --------- d-----w C:\Program Files\DriverGuide DriverScan
2008-09-14 03:43 --------- d-----w C:\Program Files\ma-config.com
2008-09-14 03:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-09-14 01:38 --------- d-----w C:\Program Files\SFXMaker
2008-09-14 01:34 --------- d-----w C:\Program Files\KingoOo Portable Maker
2008-09-14 00:41 --------- d-----w C:\Program Files\Team JPN
2008-09-13 19:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG
2008-09-13 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-09-13 19:38 --------- d-----w C:\Program Files\Windows Live
2008-09-13 19:37 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-13 19:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-13 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-09-13 19:23 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-09-13 19:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-13 19:23 --------- d-----w C:\Program Files\Bonjour
2008-09-13 19:18 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-09-13 19:13 --------- d-----w C:\Program Files\Reference Assemblies
2008-09-13 18:26 --------- d-----w C:\Documents and Settings\winxp\Application Data\IDM
2008-09-13 08:49 --------- d-----w C:\Documents and Settings\winxp\Application Data\vlc
2008-09-13 08:49 --------- d-----w C:\Documents and Settings\winxp\Application Data\Media Player Classic
2008-09-13 08:48 --------- d-----w C:\Documents and Settings\winxp\Application Data\DivX
2008-09-13 07:17 --------- d-----w C:\Program Files\Avira
2008-09-13 07:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-09-13 06:24 728,858 ----a-w C:\Program Files\Common Files\unins000.exe
2008-09-13 06:24 2,538 ----a-w C:\Program Files\Common Files\unins000.dat
2008-09-13 06:13 --------- d-----w C:\Documents and Settings\winxp\Application Data\Thinstall
2008-09-13 03:51 --------- d-----w C:\Program Files\BoomerangDR
2008-09-13 03:22 196,608 ----a-w C:\WINDOWS\system32\SET91.tmp
2008-09-13 03:15 2,195,456 ----a-w C:\WINDOWS\system32\SET35.tmp
2008-09-13 03:06 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-09-13 02:50 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-09-13 02:50 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-09-13 02:50 --------- d-----w C:\Program Files\Real
2008-09-13 02:50 --------- d-----w C:\Program Files\Common Files\xing shared
2008-09-13 02:50 --------- d-----w C:\Program Files\Common Files\Real
2008-09-13 02:47 --------- d-----w C:\Program Files\XP Codec Pack
2008-09-13 02:46 --------- d-----w C:\Program Files\VisualTaskTips
2008-09-13 02:46 --------- d-----w C:\Program Files\VideoLAN
2008-09-13 02:46 --------- d-----w C:\Program Files\Nero
2008-09-13 02:46 --------- d-----w C:\Documents and Settings\winxp\Application Data\Desktopicon
2008-09-13 02:45 --------- d-----w C:\Program Files\UltraISO
2008-09-13 02:45 --------- d-----w C:\Program Files\TechSmith
2008-09-13 02:45 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-09-13 02:44 --------- d-----w C:\Program Files\Java
2008-09-13 02:44 --------- d-----w C:\Program Files\Common Files\Nero
2008-09-13 02:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-09-13 02:43 57,376 ----a-w C:\Program Files\Uninstall.exe
2008-09-13 02:43 5,109 ----a-w C:\Program Files\Uninstall.ini
2008-09-13 02:43 --------- d-----w C:\Program Files\Internet Download Manager
2008-09-13 02:43 --------- d-----w C:\Program Files\Common Files\Java
2008-09-13 02:42 --------- d-----w C:\Program Files\EASEUS
2008-09-13 02:42 --------- d-----w C:\Program Files\Data Recovery Toolbox
2008-09-13 02:42 --------- d-----w C:\Program Files\CCleaner
2008-09-13 02:41 --------- d-----w C:\Program Files\7-Zip
2008-09-13 02:40 --------- d-----w C:\Program Files\System
2008-09-13 02:40 --------- d-----w C:\Program Files\DivX
2008-09-13 02:39 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-09-13 02:39 --------- d-----w C:\Documents and Settings\winxp\Application Data\URSoft
2008-09-13 02:34 --------- d-----w C:\Program Files\HP
2008-09-13 02:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-09-13 02:33 --------- d-----w C:\Program Files\Hewlett-Packard
2008-09-13 02:33 --------- d-----w C:\Program Files\Common Files\HP
2008-09-13 02:33 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-09-13 02:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-09-13 02:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-09-12 22:26 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-09-12 22:26 --------- d-----w C:\Program Files\Realtek
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"Eraser"="C:\Program Files\Eraser\eraser.exe" [07/25/2003 11:15 AM 536576]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/28/2008 10:02 PM 2610608]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [10/18/2007 11:34 AM 5724184]
"USB Safely Remove"="C:\Program Files\USB Safely Remove\USBSafelyRemove.exe" [04/23/2008 02:35 PM 1087488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 09:34 PM 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM 34672]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [05/02/2008 07:15 AM 15872]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/25/2005 05:02 PM 6746112]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/16/2008 02:01 PM 86016]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [06/12/2008 02:28 PM 266497]
"UVS12 Preload"="C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe" [06/09/2008 11:03 AM 397456]
"RTHDCPL"="RTHDCPL.EXE" [05/25/2007 09:51 AM 16132608 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [05/16/2008 02:01 PM 1630208 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]

C:\Documents and Settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
SnagIt 9.lnk - C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe [2008-08-29 6824264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= C:\WINDOWS\system32\i263_32.drv
"msacm.ac3filter"= ac3filter.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"msacm.avis"= ff_acm.acm
"vidc.i263"= C:\WINDOWS\system32\i263_32.drv
"msacm.imc"= C:\WINDOWS\system32\imc32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 antivirwebservice;Avira AntiVir Premium WebGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [06/12/2008 02:59 PM 258305]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [05/09/2008 01:22 PM 41217]
S2 AntiVirMailService;Avira AntiVir Premium MailGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [07/11/2008 12:23 PM 164097]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [09/02/2008 04:14 PM 191656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\maibfcsb.default\
FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-09-15 03:31:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 09/15/2008 3:32:33
ComboFix-quarantined-files.txt 2008-09-15 00:32:28

Pre-Run: 82,112,700,416 bytes free
Post-Run: 82,224,656,384 bytes free

211
 
Where is the HijackThis report, God bless you?
 
Peace be upon you.
An old proverb says:
Don't give me a fish ... teach me how to catch it.
So could we know the cause of this problem and why it appeared, and after that would you kindly explain to us how it is solved?
Honestly, I prefer to do everything with my own hands and not depend on anyone.
That is why I like to see what the error is and try to fix it myself.
I don't even have an antivirus .. and since 8 the machine has had, praise be to God, ( 0 ) viruses.

May God give you health, and thank you for your great efforts.
But a small explanation, please.
 
Select these values and delete them:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -


Deletion method:

wh_31752766.png


Then download this tool to clean the machine.

wh_15149054.png


From Run, type cleanmgr, click OK, tick everything, click OK, and restart.
 

Double-click the tool and the following screen appears.

Choose what suits you and what you want to erase, then press OK

^
^^
^^^
As for me, I select them all.

When it finishes, the prefetch folder will be cleaned automatically.

Link on the forum server

Another link, Zshare

300 KB

Compatibility = VISTA & XP


God bless you, brother Bob
 
Signature: LINEZERO
Brothers, by God you have done all you could. I will try it and get back to you.
A thousand kind greetings to you.
 
Dear brother,

My tongue fails to thank you.
Many thanks, and may God reward you greatly and have mercy on your parents, our parents and the Muslims.

Dear brother,

A kind and generous initiative from a generous man.
May God reward you with the best reward.

Good news: the problem is solved, praise be to God, and this is thanks to God and then to my brother Bob, may God reward him well.
 
You're welcome, brother, and praise be to God that things are sorted out for you.

Thanks also go to the dear




 
A valuable topic and a thorough explanation from the brothers..
May God give them health for the great effort...
...
 
Signature: حنشر
Peace be upon you, dear brother. I have the same problem and I hope you can help me solve it.
Note that the system I use is
XP SP3
and I followed your instructions.
ComboFix report:
ComboFix 09-03-04.01 - e.Zein 03/06/2009 12:02:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.3327.2761 [GMT 2:00]
Running from: c:\documents and settings\e.Zein\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-02-06 to 2009-03-06 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-06 10:05 4,605,472 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-06 10:04 5,288 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-06 10:04 44,396 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-06 10:04 311,328 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-06 10:04 --------- d-----w c:\program files\microsoft frontpage
2009-03-06 10:04 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-06 09:40 --------- d-----w c:\program files\Microsoft.NET
2009-03-06 09:40 --------- d-----w c:\program files\Microsoft Works
2009-03-06 09:40 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-06 09:19 --------- d-----w c:\documents and settings\e.Zein\Application Data\My Games
2009-03-06 01:41 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-06 01:11 --------- d-----w c:\program files\Common Files\Adobe
2009-03-05 19:01 --------- d-----w c:\program files\PowerCmd
2009-03-05 18:55 --------- d-----w c:\documents and settings\e.Zein\Application Data\Media Player Classic
2009-03-05 18:50 --------- d-----w c:\program files\RegSupreme
2009-03-05 18:49 --------- d-----w c:\program files\MpcStar
2009-03-05 18:48 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-05 18:46 --------- d-----w c:\program files\ORITE
2009-03-05 18:46 --------- d-----w c:\program files\Common Files\PCCamera
2009-03-05 18:44 --------- d-----w c:\program files\Winamp
2009-03-05 18:44 --------- d-----w c:\program files\DFX
2009-03-05 18:36 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-05 18:36 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-03-05 18:36 --------- d-----w c:\program files\PCSecurity
2009-03-05 18:36 --------- d-----w c:\documents and settings\e.Zein\Application Data\PC Suite
2009-03-05 18:36 --------- d-----w c:\documents and settings\e.Zein\Application Data\Nokia
2009-03-05 18:36 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-03-05 18:35 --------- d-----w c:\program files\PC Connectivity Solution
2009-03-05 18:35 --------- d-----w c:\program files\Nokia
2009-03-05 18:35 --------- d-----w c:\program files\DIFX
2009-03-05 18:35 --------- d-----w c:\program files\Common Files\PCSuite
2009-03-05 18:35 --------- d-----w c:\program files\Common Files\Nokia
2009-03-05 18:34 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-03-05 18:33 --------- d-----w c:\program files\Coolpro2
2009-03-05 18:32 --------- d-----w c:\documents and settings\e.Zein\Application Data\Syntrillium
2009-03-05 18:30 --------- d-----w c:\program files\Innovatools
2009-03-05 18:23 --------- d-----w c:\program files\Windows Live
2009-03-05 18:21 --------- d-----w c:\program files\Unlocker
2009-03-05 16:38 --------- d-----w c:\program files\CyberLink
2009-03-05 16:37 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-05 16:37 --------- d-----w c:\program files\Common Files\Ahead
2009-03-05 16:36 --------- d-----w c:\documents and settings\e.Zein\Application Data\Ahead
2009-03-05 16:35 --------- d-----w c:\program files\Nero
2009-03-05 16:35 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-03-05 15:10 --------- d-----w c:\documents and settings\e.Zein\Application Data\COWON
2009-03-05 01:36 --------- d-----w c:\documents and settings\e.Zein\Application Data\Talkback
2009-03-05 01:15 --------- d-----w c:\program files\Vtune
2009-03-05 01:05 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2009-03-05 01:05 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2009-03-05 01:05 --------- d-----w c:\program files\Kaspersky Lab
2009-03-05 01:04 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-03-05 01:02 --------- d-----w c:\program files\TGTSoft
2009-03-05 00:58 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-03-05 00:53 --------- d-----w c:\program files\Rockstar Games
2009-03-05 00:50 --------- d-----w c:\program files\Real
2009-03-05 00:50 --------- d-----w c:\program files\Common Files\xing shared
2009-03-05 00:50 --------- d-----w c:\program files\Common Files\Real
2009-03-05 00:49 --------- d-----w c:\program files\JetAudio
2009-03-05 00:49 --------- d-----w c:\program files\Common Files\COWON
2009-03-05 00:49 --------- d-----w c:\program files\قاموس صخر الجديد
2009-03-05 00:46 --------- d-----w c:\program files\Styler
2009-03-05 00:46 --------- d-----w c:\program files\LClock
2009-03-05 00:34 --------- d-----w c:\program files\Common Files\Autodesk Shared
2009-03-05 00:34 --------- d-----w c:\program files\AutoCAD 2006
2009-03-05 00:33 --------- d-----w c:\program files\AnswerWorks 4.0
2009-03-05 00:31 --------- d-----w c:\documents and settings\e.Zein\Application Data\Autodesk
2009-03-05 00:31 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2009-03-05 00:30 --------- d-----w c:\program files\Autodesk
2009-03-05 00:25 --------- d-----w c:\program files\CONEXANT
2009-03-05 00:20 --------- d-----w c:\program files\Realtek
2009-03-05 00:20 --------- d-----w c:\documents and settings\e.Zein\Application Data\InstallShield
2009-03-05 00:19 --------- d-----w c:\program files\VIA
2009-03-05 00:12 --------- d-----w c:\program files\Intel
2009-03-05 00:05 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2009-03-04 21:34 --------- d-----w c:\program files\AGEIA Technologies
2009-03-04 21:33 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-04 21:29 --------- d-----w c:\program files\Microsoft WSE
2009-03-04 21:28 --------- d-----w c:\program files\Reference Assemblies
2009-03-04 21:28 --------- d-----w c:\program files\MSXML 6.0
2009-03-04 21:28 --------- d-----w c:\program files\MSBuild
2009-03-04 21:28 --------- d-----w c:\documents and settings\e.Zein\Application Data\Styler
2009-03-04 21:25 --------- d-----w c:\documents and settings\e.Zein\Application Data\Desktopicon
2009-03-04 21:24 --------- d-----w c:\program files\Sysinternals
2009-03-04 21:24 --------- d-----w c:\program files\Hunt Virus Utilities
2009-03-04 21:24 --------- d-----w c:\program files\Common Files\Stardock
2009-03-04 21:24 --------- d-----w c:\program files\Alky for Applications
2009-03-04 21:15 --------- d-----w c:\program files\Windows Media Connect 2
2009-03-04 21:15 --------- d-----w c:\program files\Stanimir Stoyanov
2009-03-04 21:15 --------- d-----w c:\program files\Desktop
2008-04-07 06:59 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-04-07 06:59 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-07 06:59 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-04-07 06:59 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-04-07 06:59 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

------- Sigcheck -------

05/18/2008 01:03 PM 361344 68f06fe0021b01e670af37b8c5964fdf c:\windows\system32\drivers\tcpip.sys

05/10/2008 02:49 PM 2306560 0f733106a818383806060abc29fe0f3a c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/14/2008 02:00 PM 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/23/2006 06:05 PM 143360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [06/17/2008 04:00 PM 1249280]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [06/18/2008 02:31 PM 1122816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [10/21/2008 12:12 PM 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [10/21/2008 12:12 PM 86016]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [08/15/2008 05:13 AM 30003200]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [11/11/2008 07:59 PM 206088]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [11/23/2006 03:10 PM 56928]
"SDaemon"="c:\windows\sdaemon.exe" [04/18/2005 11:57 PM 111104]
"SWd"="c:\windows\winwd.exe" [04/18/2005 11:56 PM 26624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 11:38 AM 34672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [03/05/2009 02:50 AM 185896]
"nwiz"="nwiz.exe" [10/21/2008 12:12 PM 1630208 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [09/02/2007 01:58 PM 495616]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 02:00 PM 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [05/18/2008 01:03 PM 124928 c:\windows\system32\advpack.dll]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 12/05/2006 10:55 PM 54832 c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 01/12/2006 03:40 PM 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 01/30/2006 06:23 PM 1363968 c:\program files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--------- 03/05/2009 02:50 AM 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29:38 م 32784]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [18/05/2008 01:15:01 م 143360]
R0 WINSEC;WINSEC;c:\windows\system32\drivers\winsec.sys [18/04/2005 11:57:28 م 20352]
R2 winser;winser;c:\windows\system32\winsersec.exe [14/04/2005 12:37:32 ص 53248]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06:48 م 24592]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [05/03/2009 02:19:10 ص 845184]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {FE723CEE-4A73-4B02-B4BF-40F52038B9E7} = 213.178.225.25 199.202.55.2
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\e.Zein\Application Data\Mozilla\Firefox\Profiles\y1xii9cm.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-03-06 12:05:07
Windows 5.1.2600 Service Pack 3, v.5512 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 03/06/2009 12:06:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-06 10:05:59

Pre-Run: 96,362,295,296 bytes free
Post-Run: 96,388,837,376 bytes free

213



And this is the HijackThis report:


Logfile of HijackThis v1.99.1
Scan saved at 12:01:43 م, on 06/03/2009
Platform: Windows XP SP3, v.5512 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\winsersec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\e.Zein\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SDaemon] C:\WINDOWS\sdaemon.exe
O4 - HKLM\..\Run: [SWd] C:\WINDOWS\winwd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE723CEE-4A73-4B02-B4BF-40F52038B9E7}: NameServer = 213.178.225.25 199.202.55.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: winser - Unknown owner - C:\WINDOWS\system32\winsersec.exe



With utmost affection and respect
 
Thank you, Bob, you have been a great help. Honestly, I looked for a fix for this problem and found one only here with you.

Let me explain my problem: I get the message (Data error (cyclic redundancy check)),
like ميسو, but not on every copy; only on one of my hard disks (I have two hard disks) and Windows XP.
The first hard disk, the one with Windows on it, has two partitions, (C:) and (D:), and this disk is 100% healthy.
The second hard disk, the one that is driving me crazy, is partitioned into (F:) and (G:), and this is the one with the same problem.
If you try to copy anything from (F:) or (G:), even a picture, you get this message (Data error (cyclic redundancy check)).
I ran a scan with the ComboFix.exe tool, and this is the report:
ComboFix 10-02-03.07 - Administrator 02/04/2010 18:42:44.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.3061.2630 [GMT 3:00]
Running from: c:\documents and settings\Administrator\سطح المكتب\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2010-01-04 to 2010-02-04 )))))))))))))))))))))))))))))))
.
2010-02-04 15:33 . 2010-02-04 15:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Moyea
2010-02-04 13:25 . 2006-01-18 10:55 290918 ----a-w- c:\windows\system32\Install7x.dll
2010-02-04 13:25 . 2005-10-17 16:50 245376 ----a-w- c:\windows\system32\drivers\rt2500usb.SYS
2010-02-04 13:25 . 2005-05-17 13:24 311296 ----a-w- c:\windows\system32\AegisI5.exe
2010-02-04 13:25 . 2006-01-12 16:46 252928 ----a-w- c:\windows\system32\drivers\rt73.sys
2010-02-04 13:25 . 2005-11-30 08:33 2048 ----a-w- c:\windows\system32\drivers\rt73.bin
2010-02-04 13:24 . 2010-02-04 13:24 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-02-04 13:24 . 2010-02-04 13:24 -------- d-----w- c:\program files\TP-LINK
2010-02-02 05:18 . 2007-02-06 20:06 544640 ----a-w- c:\windows\system32\ar5211.sys
2010-02-02 05:17 . 2010-02-02 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\TP-LINK
2010-01-30 19:05 . 2010-02-01 06:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-01-20 14:37 . 2001-09-18 10:38 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-01-20 14:37 . 2001-09-18 10:38 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-01-20 14:37 . 2001-08-17 11:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-01-20 14:37 . 2001-08-17 11:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-01-13 16:45 . 2010-01-13 16:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\ESET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 15:29 . 2001-09-19 12:00 40118 ----a-w- c:\windows\system32\perfc001.dat
2010-02-04 15:29 . 2001-09-19 12:00 251674 ----a-w- c:\windows\system32\perfh001.dat
2010-02-04 13:24 . 2009-12-15 09:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-04 13:10 . 2009-12-15 10:45 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-01-13 16:44 . 2009-12-15 10:00 -------- d-----w- c:\program files\ESET
2010-01-13 16:44 . 2009-12-15 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-01-05 18:15 . 2009-12-23 02:10 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2009-12-26 23:41 . 2009-12-19 18:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2009-12-26 10:41 . 2009-12-26 10:41 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-26 10:41 . 2009-12-26 10:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2009-12-24 11:48 . 2009-12-24 11:48 0 ----a-w- c:\windows\nsreg.dat
2009-12-23 16:27 . 2009-12-23 02:26 -------- d-----w- c:\program files\Ask.com
2009-12-23 16:27 . 2009-12-15 10:34 -------- d-----w- c:\program files\ClocX
2009-12-23 16:27 . 2009-12-15 10:33 -------- d-----w- c:\program files\mpegable
2009-12-23 05:32 . 2009-12-23 05:32 -------- d-----w- c:\program files\Google
2009-12-23 02:25 . 2009-12-23 02:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Paltalk
2009-12-23 02:25 . 2009-12-19 18:12 -------- d-----w- c:\program files\Paltalk Messenger
2009-12-22 09:49 . 2009-12-15 09:10 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-21 11:47 . 2009-12-21 11:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-12-20 20:48 . 2009-12-20 20:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\GRETECH
2009-12-20 12:25 . 2009-12-20 12:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\ACD Systems
2009-12-20 10:25 . 2009-12-20 10:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\AlMAdinahMushaf
2009-12-20 09:37 . 2009-12-15 10:13 336656 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-19 21:37 . 2009-12-19 21:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-12-19 18:11 . 2009-12-19 18:11 -------- d-----w- c:\program files\Skype
2009-12-19 18:11 . 2009-12-19 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-19 18:11 . 2009-12-19 18:11 -------- d-----w- c:\program files\Common Files\Skype
2009-12-15 10:45 . 2009-12-15 10:45 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-12-15 10:45 . 2009-12-15 10:45 362240 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-12-15 10:45 . 2009-12-15 10:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software
2009-12-15 10:45 . 2009-12-15 10:45 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-12-15 10:45 . 2009-12-15 10:45 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-12-15 10:34 . 2009-12-15 10:34 -------- d-----w- c:\program files\Common Files\Real
2009-12-15 10:34 . 2009-12-15 10:34 -------- d-----w- c:\program files\Common Files\xing shared
2009-12-15 10:34 . 2009-12-15 10:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-12-15 10:34 . 2009-12-15 10:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-12-15 10:34 . 2009-12-15 10:34 -------- d-----w- c:\program files\Real
2009-12-15 10:33 . 2009-12-15 10:33 47104 ------w- c:\windows\AKDeInstall.exe
2009-12-15 10:32 . 2009-12-15 10:32 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-15 10:29 . 2009-12-15 10:29 -------- d-----w- c:\program files\GRETECH
2009-12-15 10:28 . 2009-12-15 10:28 -------- d-----w- c:\program files\Moyea
2009-12-15 10:26 . 2009-12-15 10:20 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-12-15 10:20 . 2009-12-15 10:20 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-12-15 10:20 . 2009-12-15 10:19 -------- d-----w- c:\program files\مصحف المدينة النبوية
2009-12-15 10:20 . 2009-12-15 09:30 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-15 10:16 . 2009-12-15 10:16 -------- d-----w- c:\program files\CCleaner
2009-12-15 10:13 . 2009-12-15 10:13 -------- d-----w- c:\program files\Messenger Plus! Live
2009-12-15 10:11 . 2009-12-15 10:11 -------- d-----w- c:\program files\Windows Live
2009-12-15 10:09 . 2009-12-15 10:09 -------- d-----w- c:\program files\Java
2009-12-15 10:09 . 2009-12-15 10:09 -------- d-----w- c:\program files\Common Files\Java
2009-12-15 10:06 . 2009-12-15 10:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-15 10:05 . 2009-12-15 09:52 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-15 10:04 . 2009-12-15 10:04 2232 ----a-w- c:\windows\java\Packages\Data\5VVPNLRF.DAT
2009-12-15 10:04 . 2009-12-15 10:04 155995 ----a-w- c:\windows\java\Packages\D3BNF9V9.ZIP
2009-12-15 10:04 . 2009-12-15 10:04 2678 ----a-w- c:\windows\java\Packages\Data\B1VF3JHB.DAT
2009-12-15 10:04 . 2009-12-15 10:04 2678 ----a-w- c:\windows\java\Packages\Data\XN5FH3VV.DAT
2009-12-15 10:04 . 2009-12-15 10:04 2678 ----a-w- c:\windows\java\Packages\Data\TBLVNZ71.DAT
2009-12-15 10:04 . 2009-12-15 10:04 2678 ----a-w- c:\windows\java\Packages\Data\FTF7B797.DAT
2009-12-15 10:04 . 2009-12-15 10:04 2678 ----a-w- c:\windows\java\Packages\Data\5ZFZ75B7.DAT
2009-12-15 10:03 . 2009-12-15 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2009-12-15 10:01 . 2009-12-15 10:01 -------- d-----w- c:\program files\Common Files\Macromedia Shared
2009-12-15 10:01 . 2009-12-15 10:01 -------- d-----w- c:\program files\Common Files\Macromedia
2009-12-15 10:01 . 2009-12-15 10:01 -------- d-----w- c:\program files\Macromedia
2009-12-15 10:01 . 2009-12-15 10:01 90112 ----a-w- c:\windows\system32\agsaami.dll
2009-12-15 10:01 . 2009-12-15 10:01 610304 ----a-w- c:\windows\system32\agsaamg.dll
2009-12-15 10:01 . 2009-12-15 10:01 372736 ----a-w- c:\windows\system32\agsaamc.dll
2009-12-15 10:01 . 2009-12-15 10:01 2535424 ----a-w- c:\windows\system32\agsaamj.dll
2009-12-15 10:01 . 2009-12-15 10:01 1986560 ----a-w- c:\windows\system32\akll.dll
2009-12-15 10:01 . 2009-12-15 10:01 196608 ----a-w- c:\windows\system32\maag.dll
2009-12-15 10:01 . 2009-12-15 10:01 1245184 ----a-w- c:\windows\system32\bkll.dll
2009-12-15 10:01 . 2009-12-15 10:01 1212416 ----a-w- c:\windows\system32\ckll.dll
2009-12-15 10:01 . 2009-12-15 10:00 -------- d-----w- c:\program files\Real_SC
2009-12-15 09:57 . 2009-12-15 09:57 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-12-15 09:57 . 2009-12-15 09:57 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-12-15 09:57 . 2009-12-15 09:57 -------- d-----w- c:\program files\ACD Systems
2009-12-15 09:51 . 2009-12-15 09:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-15 09:51 . 2009-12-15 09:51 -------- d-----w- c:\program files\Microsoft Works
2009-12-15 09:51 . 2009-12-15 09:51 -------- d-----w- c:\program files\MSBuild
2009-12-15 09:32 . 2009-12-15 09:30 -------- d-----w- c:\program files\Realtek
2009-12-15 09:32 . 2009-12-15 09:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2009-12-15 09:32 . 2009-12-15 09:27 16608 ----a-w- c:\windows\gdrv.sys
2009-12-15 09:27 . 2009-12-15 09:27 -------- d-----w- c:\program files\Intel
2009-12-15 09:11 . 2009-12-15 09:11 -------- d-----w- c:\program files\microsoft frontpage
2009-12-15 09:09 . 2009-12-15 09:09 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-16 06:06 . 2009-11-16 06:06 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-11-16 06:06 . 2009-11-16 06:06 135048 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-11-16 06:03 . 2009-11-16 06:03 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-11-16 05:56 . 2009-11-16 05:56 116520 ----a-w- c:\windows\system32\drivers\eamon.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-02-04_14.54.49 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-09-19 12:00 . 2010-02-04 13:31 40128 c:\windows\system32\perfc009.dat
+ 2001-09-19 12:00 . 2010-02-04 15:29 40128 c:\windows\system32\perfc009.dat
+ 2001-09-19 12:00 . 2010-02-04 15:29 311740 c:\windows\system32\perfh009.dat
- 2001-09-19 12:00 . 2010-02-04 13:31 311740 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 14:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-23 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-24 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-24 141336]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2009-12-15 77824]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-15 198160]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-12-15 113664]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-12-3 11552768]
TL-WN321G Wireless Utility.lnk - c:\program files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe [2010-2-4 622592]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16/11/2009 09:03 ص 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16/11/2009 09:04 ص 735960]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-02-04 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 13:28]
2010-02-04 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 14:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java -

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xtdnp0au.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2010-02-04 18:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1124)
c:\windows\system32\igfxdev.dll
- - - - - - - > 'explorer.exe'(3096)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-04 18:46:23
ComboFix-quarantined-files.txt 2010-02-04 15:46
ComboFix2.txt 2010-02-04 14:55
Pre-Run: 73,863,327,744 bytes free
Post-Run: 73,834,708,992 bytes free
- - End Of File - - 1806DDAF1D7C8F8B966FA8CF693FBE2B





And this is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:19:31 م, on 05/02/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Paltalk Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 6538 bytes

..............................................

With all my thanks and appreciation to you, brother Bob
 

This topic was finished some time ago.

Anyone who has the same problem should open

[You must log in or register to view the hidden link]

and, God willing, the brothers will not let you down.

Closed.
 