Post by إعصار فضائي (new Zyzoom member; joined 15 November 2008; 55 posts)
In the name of God, the Most Gracious, the Most Merciful.
Peace, mercy and blessings of God be upon you.

I (I seek refuge in God from the word "I") have a Windows XP system,
and when I delete something and empty the Recycle Bin it tells me:
"The Recycle Bin on C is corrupted. Do you want to empty it on D?"
and if I click No it says "Do you want to empty it on E?"
Please help, and may God grant you success.
Peace be upon you.
 

Sorry, I edited the title to a more suitable one.

God bless you.

Where is the system installed, on which drive, and how many systems do you have?

Signature: Corporation
Make a HijackThis report:
[hidden link: log in or register to view]

When the download finishes ==> run the program ==> click "Do a system scan and save log".
After a moment a report appears; select all ==> copy it and paste it in your next reply.

Signature: format
Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:40:02 PM, on 21/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\PLFSetL.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ClocX\ClocX.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\DOCUME~1\Romoz\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Romoz\My Documents\Downloads\Programs\HiJackThis.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [srv32win] C:\Program Files\NetServer\netserve.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [srv32win] C:\Program Files\NetServer\netserve.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Export to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Download All with Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Download FLV content with Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 7269 bytes
 
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [srv32win] C:\Program Files\NetServer\netserve.exe

O4 - HKCU\..\Run: [srv32win] C:\Program Files\NetServer\netserve.exe
 
Signature: format
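The three lines the helper singled out above can be derived mechanically from the log. The script below is an added example for this thread, not code from the forum, from Trend Micro or from HijackThis: it parses the O2, O4, O16 and O23 lines of an HJT v2 log and applies a few triage rules. The rules, severity labels and function names are this example's own assumptions. Its embedded sample is a constructed subset of the log posted above, plus the O16 line from the second HJT log further down with its URL filled in from the ComboFix DPF entry that carries the same CLSID, because the forum hides links inside HJT output.

```python
"""Rule-based triage of HijackThis v2 log lines.

Added example for this thread; not code from the forum, from Trend Micro
or from HijackThis. Rules, severity labels and names are this example's
own assumptions.
"""
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: a subset of the O-lines posted in the thread. The O16
# line comes from the second HJT log; its URL is taken from the ComboFix DPF
# entry with the same CLSID, because the forum hides links in HJT output.
SAMPLE_LOG = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [srv32win] C:\Program Files\NetServer\netserve.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [srv32win] C:\Program Files\NetServer\netserve.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) - hxxp://98.126.41.234:1999/ReadUid.CAB
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\} \((?P<name>[^)]*)\) - (?P<url>\S+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def _is_ip_literal(host):
    """True when the host part of a URL is a bare IPv4/IPv6 address, not a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _url_host_port(url):
    """Split host and port; HJT/ComboFix defang http as hxxp, so undo that first."""
    parts = urlsplit(url.replace("hxxp://", "http://", 1))
    return parts.hostname, parts.port


def triage(log_text):
    """Return a list of (severity, line, reason) findings for one HJT log."""
    findings = []
    run_hives = defaultdict(set)   # Run value name (lowercased) -> hives it appears in
    run_line = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            if m["path"] == "(no file)":
                findings.append(("low", line, "BHO CLSID registered but its DLL is gone (orphaned entry)"))
        elif m := O4_RE.match(line):
            key = m["name"].lower()
            run_hives[key].add(m["hive"])
            run_line[key] = line
        elif m := O16_RE.match(line):
            host, port = _url_host_port(m["url"])
            reasons = []
            if host and _is_ip_literal(host):
                reasons.append("ActiveX control served from a raw IP address")
            if port not in (None, 80, 443):
                reasons.append(f"non-standard port {port}")
            if reasons:
                findings.append(("high", line, "; ".join(reasons)))
        elif m := O23_RE.match(line):
            if m["owner"].lower() == "unknown owner":
                findings.append(("info", line, "service binary carries no company string; check its signature"))
    # The same Run value registered both machine-wide and for the current user
    # is redundant for legitimate software and a common way malware survives
    # a partial cleanup.
    for key, hives in run_hives.items():
        if {"HKLM", "HKCU"} <= hives:
            findings.append(("high", run_line[key], "same Run value in both HKLM and HKCU"))
    return findings


if __name__ == "__main__":
    for severity, line, reason in sorted(triage(SAMPLE_LOG), key=lambda f: f[0]):
        print(f"[{severity}] {reason}\n    {line}")
```

On the sample the two "high" findings are the duplicated srv32win Run value and the ReadUid.CAB control fetched from a raw IP on port 1999. The orphaned BHO is only a cleanup item, and "Unknown owner" on a service is a prompt to check the file's signature rather than a verdict, as the CyberLink entry shows.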
Removal method

(screenshot)

(screenshot)

Download this tool and follow the steps below:

[hidden link: log in or register to view]

or

[hidden link: log in or register to view]

or

Compatibility: Windows XP only

How to use:

When you run the tool this screen appears; wait (and follow along with the pictures).

(screenshot)

(screenshot)

When this screen appears, click Close so your computer restarts (to complete the cleaning).

(screenshot)

Then make a new HijackThis report.

Signature: format
First,
disable your protection programs.

Download this tool:

[hidden link: log in or register to view]

When you run it a message appears; click >> Yes.
Then a second message appears; click >> Yes.
During the scan the computer may restart,
and after the restart the tool will scan again.
Wait until a report appears; at that point the scan is finished. Paste the report in your first reply.

Second,

download this program:

[hidden link: log in or register to view]

Run the program ==> and click
Do a system scan and save log
After a moment a report appears in Notepad ==> copy it and paste it in your second reply.

Signature: format
The first report ...



ComboFix 09-05-23.04 - Romoz 05/25/2009 15:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.1980.1529 [GMT -7:00]
Running from: c:\documents and settings\Romoz\My Documents\Downloads\Programs\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\x64
c:\windows\system32\x64\csnp2uvc.dll
c:\windows\system32\x64\rsnpvc64.dll
c:\windows\system32\x64\sncduvc.sys
c:\windows\system32\x64\snp2uvc.sys
c:\windows\system32\x64\vsnpvc64.dll
.
((((((((((((((((((((((((( Files Created from 2009-04-25 to 2009-05-25 )))))))))))))))))))))))))))))))
.
2009-05-25 22:31 . 2009-05-25 22:31 -------- d-----w c:\documents and settings\Romoz\Application Data\CyberScrub
2009-05-25 21:18 . 2009-05-25 21:18 -------- d-----w c:\documents and settings\Romoz\Application Data\TuneUp Software
2009-05-25 21:18 . 2009-05-25 21:18 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-05-25 21:18 . 2009-05-25 21:18 -------- d-----w c:\documents and settings\Romoz\Application Data\TuneUp Software-BackupByTuneUpPortable
2009-05-25 21:17 . 2009-05-25 21:17 362240 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-05-25 01:00 . 2009-05-25 01:00 -------- d-----w c:\program files\Common Files\xing shared
2009-05-25 00:31 . 2009-05-25 00:31 -------- d-----w c:\documents and settings\Romoz\Application Data\vlc
2009-05-24 22:15 . 2009-05-24 22:15 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-05-24 21:06 . 2009-05-24 21:06 390664 ----a-w c:\documents and settings\Romoz\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-24 20:58 . 2009-05-24 20:58 -------- d-----w c:\documents and settings\Romoz\Phone Browser
2009-05-23 20:50 . 2009-05-23 20:50 -------- d-----w c:\documents and settings\Romoz\Application Data\Media Player Classic
2009-05-23 06:17 . 2009-05-23 06:17 -------- d-----w c:\documents and settings\Romoz\Local Settings\Application Data\Google
2009-05-23 06:16 . 2009-05-23 06:17 -------- d-----w c:\program files\Google
2009-05-23 05:23 . 2007-01-11 10:20 194304 ------r c:\windows\system32\drivers\RTL8187.sys
2009-05-23 05:23 . 2009-05-23 05:23 21035 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-05-23 05:23 . 2002-10-02 16:57 13532 ----a-w c:\windows\system32\drivers\SjyPkt.sys
2009-05-23 05:23 . 2009-05-23 05:23 -------- d-----w c:\program files\REALTEK RTL8187 Wireless LAN Driver and Utility
2009-05-22 22:38 . 2009-05-22 22:38 -------- d-----w c:\program files\LtUcx
2009-05-22 04:05 . 2009-05-22 04:05 -------- d-----w c:\windows\system32\ar-sa
2009-05-22 03:06 . 2009-02-20 18:09 268288 -c----w c:\windows\system32\dllcache\iertutil.dll
2009-05-22 03:06 . 2009-02-20 18:09 63488 -c----w c:\windows\system32\dllcache\icardie.dll
2009-05-22 03:06 . 2009-02-20 18:09 52224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
2009-05-22 03:06 . 2009-02-20 10:20 13824 -c----w c:\windows\system32\dllcache\ieudinit.exe
2009-05-22 03:06 . 2009-02-20 18:09 459264 -c----w c:\windows\system32\dllcache\msfeeds.dll
2009-05-22 03:06 . 2009-02-20 18:09 383488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
2009-05-22 03:06 . 2008-07-09 14:25 2455488 -c----w c:\windows\system32\dllcache\ieapfltr.dat
2009-05-22 03:06 . 2009-02-20 18:09 6066176 -c----w c:\windows\system32\dllcache\ieframe.dll
2009-05-21 21:54 . 2009-05-21 21:54 -------- d-----w c:\documents and settings\Romoz\Local Settings\Application Data\ESET
2009-05-21 05:03 . 2009-05-21 05:03 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-05-21 03:44 . 2009-05-21 03:44 0 ----a-w c:\documents and settings\Romoz\Application Data\IDM\DwnlData\Romoz\avira_antivir_personal_en_65\avira_antivir_personal_en.exe
2009-05-21 03:40 . 2009-05-21 03:40 0 ----a-w c:\documents and settings\Romoz\Application Data\IDM\DwnlData\Romoz\avira_antivir_personal_en_63\avira_antivir_personal_en.exe
2009-05-19 02:30 . 2009-05-19 02:30 -------- d-----w c:\documents and settings\Romoz\Application Data\ESET
2009-05-19 02:24 . 2009-05-19 02:24 -------- d-----w c:\program files\ESET
2009-05-19 02:24 . 2009-05-19 02:24 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-05-17 11:12 . 2009-05-17 11:16 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-17 10:56 . 2009-05-17 10:59 88338 ----a-w c:\documents and settings\Romoz\Application Data\IDM\DwnlData\Romoz\nmsetup_41\nmsetup.exe
2009-05-16 15:39 . 2009-05-16 15:50 65 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Flash Disk\ado12.dll
2009-05-16 15:39 . 2009-05-16 15:48 -------- d-----w c:\documents and settings\All Users\Application Data\NSPData
2009-05-16 15:39 . 2009-05-16 15:51 -------- d-----w c:\program files\NetServer
2009-05-16 08:50 . 2009-05-16 09:20 -------- d-----w c:\program files\Elaborate Bytes
2009-05-16 08:12 . 2009-05-16 08:12 -------- d-----w c:\program files\Alcohol Soft
2009-05-16 07:43 . 2009-05-16 08:11 716272 ----a-w c:\windows\system32\drivers\sptd.sys
2009-05-15 10:11 . 2009-05-15 10:11 -------- d-sh--w c:\documents and settings\Romoz\UserData
2009-05-15 08:24 . 2009-05-15 08:24 198064 ----a-w c:\documents and settings\Romoz\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-05-15 08:24 . 2009-05-25 22:36 -------- d-----w c:\documents and settings\Romoz\Application Data\DMCache
2009-05-15 08:24 . 2009-05-20 23:39 -------- d-----w c:\documents and settings\Romoz\Application Data\IDM
2009-05-15 08:24 . 2009-05-16 15:28 -------- d-----w c:\program files\Internet Download Manager
2009-05-15 07:36 . 2009-05-15 07:36 -------- d-----w c:\documents and settings\Romoz\Local Settings\Application Data\Thinstall
2009-05-15 07:36 . 2009-05-15 07:36 -------- d-----w c:\documents and settings\Romoz\Application Data\Thinstall
2009-05-15 07:21 . 2004-08-04 06:08 26496 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-05-15 07:14 . 2009-05-15 07:14 -------- d-----w c:\documents and settings\Romoz\Application Data\Ahead
2009-05-14 23:30 . 2009-05-14 23:30 -------- d-----w c:\documents and settings\Romoz\Application Data\COWON
2009-05-14 22:54 . 2009-05-15 17:52 -------- d-----w c:\documents and settings\Romoz\Contacts
2009-05-14 22:53 . 2009-05-14 22:53 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-14 08:30 . 2009-05-23 08:25 -------- d-----w c:\documents and settings\Romoz\Application Data\Skype
2009-05-14 08:30 . 2009-05-14 08:30 -------- d-----r c:\program files\Skype
2009-05-14 08:30 . 2009-05-14 08:30 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-05-14 08:29 . 1999-12-17 15:13 86016 ----a-w c:\windows\unvise32.exe
2009-05-14 08:29 . 2009-05-14 08:29 -------- d-----w c:\program files\SWiSHmax
2009-05-14 08:26 . 2009-05-14 08:26 201728 ----a-w c:\windows\system32\Alwatan_Clock.scr
2009-05-14 08:26 . 2009-05-14 08:26 -------- d-----w c:\windows\system32\Alwatan_Clock dir
2009-05-14 08:26 . 2009-05-14 08:26 -------- d-----w c:\program files\Windows Live
2009-05-14 08:26 . 2009-05-14 08:26 -------- d-----w c:\program files\Messenger Plus! Live
2009-05-14 08:25 . 2009-05-14 08:25 -------- d-----w c:\program files\The KMPlayer
2009-05-14 08:24 . 2009-05-14 08:24 -------- d-----w c:\program files\ClocX
2009-05-14 08:18 . 2009-05-14 08:18 -------- d-----w c:\program files\Alwil Software
2009-04-29 12:20 . 2009-03-26 15:35 210352 ----a-w c:\windows\system32\idmmbc.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-25 22:30 . 2009-05-25 22:30 -------- d-----w c:\documents and settings\Romoz\Application Data\cleaner
2009-05-25 01:00 . 2009-02-02 08:33 -------- d-----w c:\program files\Common Files\Real
2009-05-23 05:23 . 2009-02-02 07:58 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-22 20:24 . 2009-02-02 07:36 73608 ----a-w c:\documents and settings\Romoz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-22 08:59 . 2009-02-02 08:19 -------- d-----w c:\program files\Common Files\Adobe
2009-05-22 07:13 . 2009-05-22 07:13 -------- d-----w c:\windows\Fonts\fonts khalid
2009-05-21 20:42 . 2009-02-01 18:11 -------- d-----w c:\program files\Real_SC
2009-05-15 07:06 . 2009-02-01 18:05 -------- d-----w c:\program files\Arabic_video
2009-05-14 23:30 . 2009-02-02 09:29 -------- d-----w c:\program files\JetAudio
2009-05-14 08:26 . 2009-02-02 08:24 -------- d-----w c:\program files\MSN Messenger
2009-04-09 22:21 . 2009-04-09 22:21 55768 ----a-w c:\windows\system32\drivers\epfwtdi.sys
2009-04-09 22:21 . 2009-04-09 22:21 33096 ----a-w c:\windows\system32\drivers\epfwndis.sys
2009-04-09 22:21 . 2009-04-09 22:21 133000 ----a-w c:\windows\system32\drivers\epfw.sys
2009-04-09 22:18 . 2009-04-09 22:18 107256 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-04-09 22:10 . 2009-04-09 22:10 113960 ----a-w c:\windows\system32\drivers\eamon.sys
2009-03-03 00:18 . 2004-08-03 22:56 826368 ----a-w c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-04-30 2799024]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
"srv32win"="c:\program files\NetServer\netserve.exe" [2007-08-31 720896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1032192]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-09-18 29696]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-09-30 49152]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2004-04-13 103936]
"srv32win"="c:\program files\NetServer\netserve.exe" [2007-08-31 720896]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-25 198160]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-26 16862720]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-14 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-11-1 576104]
REALTEK RTL8187 Wireless LAN Utility.lnk - c:\program files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe [2009-5-22 737280]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\NetServer\\netserve.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [09/04/2009 03:18 PM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [09/04/2009 03:19 PM 731840]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [02/02/2009 01:12 AM 93968]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [22/05/2009 10:23 PM 194304]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [22/05/2009 10:23 PM 13532]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: &Export to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Download All with Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: Download FLV content with Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://98.126.41.234:1999/ReadUid.CAB
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[hidden link: log in or register to view]
Rootkit scan 2009-05-25 15:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-05-25 15:44
ComboFix-quarantined-files.txt 2009-05-25 22:44
Pre-Run: 30,481,809,408 bytes free
Post-Run: 30,468,317,184 bytes free
190
 
The second report ...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:51:17 PM, on 25/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\PLFSetL.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link: log in or register to view]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link: log in or register to view]

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [srv32win] C:\Program Files\NetServer\netserve.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [srv32win] C:\Program Files\NetServer\netserve.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: REALTEK RTL8187 Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: &Export to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Download All with Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Download FLV content with Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - [hidden link: log in or register to view]
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) - [hidden link: log in or register to view]

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 8089 bytes
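The ComboFix "Reg Loading Points" section above carries signal that a HijackThis log does not: the Security Center override values, the Windows Firewall state and the firewall exception list. The script below is an added example for this thread, not code from the forum or from ComboFix: it parses that section and reports which Run-key autostarts also hold a firewall exception, which for an unrecognised binary means it expects to accept connections. The registry key and value names are the real ones; the report fields, the set of flagged values and the function names are this example's own assumptions, and the sample is a constructed subset of the report posted above.

```python
"""Cross-check of the ComboFix 'Reg Loading Points' section.

Added example for this thread; not code from the forum or from ComboFix.
Registry key and value names are real; the report fields and the list of
flagged values are this example's own assumptions.
"""
import re
from collections import defaultdict

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
QUOTED_RE = re.compile(r'^"(?P<path>[^"]+)"')

# Security Center values that silence its warnings. Malware sets them, but so
# does a third-party suite that registers itself, so they are leads, not proof.
SECURITY_CENTER_FLAGS = {
    "antivirusdisablenotify", "antivirusoverride",
    "firewalldisablenotify", "firewalloverride", "updatesdisablenotify",
}

# Constructed sample: a subset of the ComboFix report posted in the thread.
SAMPLE = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-04-30 2799024]
"srv32win"="c:\program files\NetServer\netserve.exe" [2007-08-31 720896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2004-04-13 103936]
"srv32win"="c:\program files\NetServer\netserve.exe" [2007-08-31 720896]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-26 16862720]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NetServer\\netserve.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"""


def _norm(path):
    """ComboFix doubles backslashes in the firewall list; compare case-insensitively."""
    return path.replace("\\\\", "\\").strip().lower()


def analyse(text):
    """Parse the section and return the policy state plus autostart/firewall overlap."""
    autostarts = defaultdict(set)   # normalized path -> Run keys it is registered in
    fw_exceptions = set()
    sc_overrides = set()
    firewall_enabled = None         # None = the section did not report it
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key = m["key"].lower()  # every following value belongs to this key
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m["name"], m["data"].strip()
        if key.endswith("\\run"):
            if pm := QUOTED_RE.match(data):   # data is "path" [date size]
                autostarts[_norm(pm["path"])].add(key)
        elif key.endswith("\\security center"):
            if name.lower() in SECURITY_CENTER_FLAGS and data.lower().endswith("00000001"):
                sc_overrides.add(name.lower())
        elif key.endswith("\\authorizedapplications\\list"):
            fw_exceptions.add(_norm(name))    # the value name is the program path
        elif key.endswith("\\standardprofile") and name.lower() == "enablefirewall":
            firewall_enabled = not data.startswith("0")
    return {
        "firewall_enabled": firewall_enabled,
        "security_center_overrides": sorted(sc_overrides),
        "autostart_with_firewall_exception": sorted(p for p in autostarts if p in fw_exceptions),
    }


if __name__ == "__main__":
    for field, value in analyse(SAMPLE).items():
        print(f"{field}: {value}")
```

On the sample the only autostart that also holds a firewall exception is netserve.exe, the same srv32win entry flagged in the HijackThis log. The firewall being off and the AntiVirusOverride value are leads to verify, not verdicts: the ComboFix header reports ESET Personal firewall as enabled, and a third-party suite taking over both roles normally sets exactly these values.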
 