فارس الحجاز

Peace be upon you, and the mercy and blessings of God.

How are you all doing, friends?

I hope you are all well.

I am suffering from a problem and I do not know what its source is (virus / error / settings).
Anyway, the problem has worn me out.

The problem is that my hard disk is 80 GB in size,
but after the problem it became 18 GB, and every little while it tells me that there is not enough space.

The problem happened to me and it also happened on my brother's machine, where the space went from 80 to 22 GB.

I ran a virus scan, but the scan did not detect anything.
(The scan was done with Windows Live OneCare safety scanner, and it was online.)
(I also scanned with Avira Premium Security Suite.)


The hard drives (C / D / E / F) are all reduced, not only C.

To clarify the problem further:

The total size of each of the drives is 80 GB,
meaning you can put many files of different sizes on it until you reach 80 GB only.
That is for a single drive, of course, and there are 4 drives, so 4×80 = 320 GB, which is the full capacity of my machine.
But the problem is that the total size of the drives dropped until it reached 18 GB per drive,
so the storage capacity of my machine became 4×18 = 72 GB.

Does any of you have a solution to this problem?

God willing, you will have the answer that fixes it.

I am waiting for you.
 

Download this program.

Run the program ==> and click on
Do a system scan and save log
After a few moments a report will appear in Notepad ==> copy it and paste it in your next reply.


Also, visit these topics; God willing, you will benefit from them.

A complete topic on removing viruses and repairing the damage they cause
 
Thank you for your engagement.

Here is the report:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:47 م, on 06/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\Rscmpt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YCIII\YankClip.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Rscmpt] C:\WINDOWS\system32\Rscmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yankee Clipper III.lnk = C:\Program Files\YCIII\YankClip.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186843337343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186843303453
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://tavanza.com/nph-proxy.pl/010111A/http/fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Stormser - Unknown owner - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Uniblue DiskRescue - Uniblue - C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe

--
End of file - 8122 bytes
 
Post the report without the code tags.
 
Signature: king_man
Here you go.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:48:54 م, on 06/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\Rscmpt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YCIII\YankClip.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Rscmpt] C:\WINDOWS\system32\Rscmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yankee Clipper III.lnk = C:\Program Files\YCIII\YankClip.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Stormser - Unknown owner - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Uniblue DiskRescue - Uniblue - C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe

--
End of file - 8155 bytes

 
Delete this entry:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

How to delete it:

[Image: mg%20%283%29.png]

[Image: mg%20%284%29.png]

After that:

Disable all protection programs,
then download this tool and save it to the desktop.

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your machine; your machine will then restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.

Disable the protection program and use the SmitfraudFix tool.

Run the file SmitfraudFix.exe and follow the explanation as shown in these pictures:

[Images: 000.png, 001.png, 002.png, 003.png, 004.png, 005.png]

Then make a new HijackThis report.
Signature: king_man
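The reply above singles out the BHO entry marked "(no file)" in the HijackThis log. The following is an added example, not part of the original thread and not code from HijackThis: a small Python parser that reads HijackThis log text and lists entries whose target file is missing. The sample lines are copied from the log posted in this thread; the class and function names are illustrative.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Section codes that occur in the log posted in this thread, with their usual meaning.
SECTIONS = {
    "R0": "Internet Explorer start/search page",
    "O2": "Browser Helper Object (BHO)",
    "O4": "Autostart entry (Run key or Startup folder)",
    "O8": "Extra IE context-menu item",
    "O9": "Extra IE button or Tools menu item",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O23": "Windows service",
}

# An entry line looks like "<code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Sample input: lines copied from the first log in this thread (shortened).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\Rscmpt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Rscmpt] C:\WINDOWS\system32\Rscmpt.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Stormser - Unknown owner - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe (file missing)
"""


@dataclass
class Entry:
    code: str             # section code, e.g. "O2"
    body: str             # everything after "<code> - "
    clsid: Optional[str]  # first CLSID in the line, if any
    orphaned: bool        # target file reported as absent
    unnamed: bool         # entry has no display name


def parse_log(text: str) -> List[Entry]:
    """Return the registry/autostart entries of a HijackThis log.

    Header lines and the running-process list do not match ENTRY_RE
    and are skipped.
    """
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            code=m.group("code"),
            body=body,
            clsid=clsid.group(0) if clsid else None,
            orphaned=body.rstrip().endswith(ORPHAN_MARKERS),
            unnamed="(no name)" in body,
        ))
    return entries


def orphaned_entries(entries: List[Entry]) -> List[Entry]:
    """Entries that point at a file HijackThis could not find.

    These are leftover references; they tell you the registry entry is
    stale, not by themselves that the machine is infected.
    """
    return [e for e in entries if e.orphaned]


def count_by_section(entries: List[Entry]) -> Dict[str, int]:
    """Number of entries per section code."""
    return dict(Counter(e.code for e in entries))


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for code, n in sorted(count_by_section(parsed).items()):
        print(f"{code:>3}  {n:2d}  {SECTIONS.get(code, 'other')}")
    print("\nEntries with a missing target file:")
    for e in orphaned_entries(parsed):
        print(f"  {e.code} - {e.body}")
```
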
ComboFix 09-06-06.03 - Administrator 06/07/2009 5:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.511.316 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\Ultra.dll
c:\windows\system32\VCCLSID.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SERVICEM


((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 )))))))))))))))))))))))))))))))
.

2009-05-31 09:54 . 2009-05-31 09:54 390664 ----a-w- c:\documents and settings\Administrator\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-29 17:41 . 2009-05-29 17:41 2927168 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\idmupdt.exe
2009-05-28 08:47 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-05-28 08:47 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-05-28 08:47 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-05-28 08:47 . 2009-02-09 12:10 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-05-28 08:47 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-05-28 08:47 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-28 08:47 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-05-28 08:47 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-05-28 08:47 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-05-28 08:47 . 2009-02-06 11:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-28 08:47 . 2009-02-06 11:08 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-28 08:47 . 2009-02-06 10:32 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-28 08:43 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-05-28 08:43 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-05-28 08:43 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-05-28 08:38 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-05-28 08:38 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-05-28 08:38 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-05-28 08:38 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-05-27 10:22 . 2009-03-26 15:35 210352 ----a-w- c:\windows\system32\idmmbc.dll
2009-05-26 15:10 . 2008-12-22 08:12 2644135 -c--a-w- c:\documents and settings\All Users\Application Data\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}\Uniblue DiskRescue.exe
2009-05-26 15:10 . 2008-09-10 15:22 836880 -c--a-w- c:\documents and settings\All Users\Application Data\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}\UniblueDiskRescue\B4B74A3\3826204\UBDefrag.DLL
2009-05-26 15:10 . 2008-09-10 15:22 419088 -c--a-w- c:\documents and settings\All Users\Application Data\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}\UniblueDiskRescue\F02A138C\3826204\update.dll
2009-05-26 15:10 . 2008-09-10 15:22 3211536 -c--a-w- c:\documents and settings\All Users\Application Data\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}\UniblueDiskRescue\1FDE702B\3826204\UBDiskRescue.exe
2009-05-26 15:10 . 2008-09-10 15:22 229648 -c--a-w- c:\documents and settings\All Users\Application Data\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}\UniblueDiskRescue\C_\build\AutoBuilds\DR\Installer\Raw\UBDiskRescueSrv.exe
2009-05-26 15:10 . 2008-09-10 15:22 229648 -c--a-w- c:\documents and settings\All Users\Application Data\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}\UniblueDiskRescue\49994FF1\3826204\UBDiskRescueSrv.exe
2009-05-26 15:10 . 2008-09-10 15:22 1996048 -c--a-w- c:\documents and settings\All Users\Application Data\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}\UniblueDiskRescue\9C335CDE\3826204\UBResdll.dll
2009-05-26 15:07 . 2009-05-26 15:10 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}
2009-05-26 15:05 . 2008-12-22 08:23 2567629 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\Uniblue RegistryBooster.exe
2009-05-26 15:05 . 2008-08-26 16:48 99624 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\7390E4F0\6383BC9B\StartRegistryBooster.exe
2009-05-26 15:05 . 2008-08-26 16:48 757760 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\2B86F085\6383BC9B\UBVarRB.dll
2009-05-26 15:05 . 2008-08-26 16:48 6676480 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\4E45A1A4\6383BC9B\RegistryBooster.dll
2009-05-26 15:05 . 2008-08-26 16:48 497496 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\AF01B0B\6383BC9B\XceedZip.dll
2009-05-26 15:05 . 2008-08-26 16:48 413696 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\52CD59C9\6383BC9B\update.dll
2009-05-26 15:05 . 2008-08-26 16:48 2019624 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\7CE1607E\6383BC9B\RegistryBooster.exe
2009-05-26 15:05 . 2008-08-26 16:48 111912 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\65B92A91\6383BC9B\KillRBProcess.exe
2009-05-26 15:05 . 2009-05-26 15:05 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-05-26 14:57 . 2006-08-01 12:02 49152 ----a-w- c:\windows\system32\ChCfg.exe
2009-05-26 14:55 . 2009-05-26 14:55 -------- d-----w- c:\program files\Realtek AC97
2009-05-26 14:55 . 2006-12-08 12:20 10528768 ----a-w- c:\windows\system32\RTLCPL.exe
2009-05-26 14:55 . 2006-10-17 23:53 147456 ----a-w- c:\windows\system32\RtlCPAPI.dll
2009-05-26 14:55 . 2006-07-31 08:27 217088 ----a-w- c:\windows\Alcrmv.exe
2009-05-26 14:55 . 2006-07-31 08:19 315392 ----a-w- c:\windows\alcupd.exe
2009-05-26 14:51 . 2009-05-26 14:51 18734784 ----a-w- c:\documents and settings\Administrator\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24c5_subsys_240017f25_10_00_6300.exe
2009-05-26 14:39 . 2008-12-22 08:15 2652451 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe
2009-05-26 14:39 . 2009-05-26 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-05-26 14:36 . 2009-05-26 14:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-05-24 11:01 . 2008-04-13 21:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-05-24 11:01 . 2008-03-21 10:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-05-24 10:58 . 2009-05-24 11:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia
2009-05-24 10:58 . 2009-05-24 11:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
2009-05-24 10:58 . 2009-05-24 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-05-24 10:56 . 2009-05-24 10:32 34649904 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_ara_web.exe
2009-05-24 10:56 . 2009-05-24 10:56 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-24 10:56 . 2009-05-24 10:56 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-24 10:56 . 2009-05-24 10:56 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-24 10:55 . 2009-05-24 10:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-05-22 10:55 . 2009-05-22 10:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira
2009-05-22 10:42 . 2009-05-22 07:31 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-22 10:42 . 2009-05-22 07:31 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-05-22 10:42 . 2009-05-22 07:31 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-22 10:42 . 2009-05-22 07:31 97480 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-05-22 10:42 . 2009-05-22 07:31 69632 ----a-w- c:\windows\system32\drivers\avfwim.sys
2009-05-22 10:42 . 2009-05-22 07:31 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-05-22 10:42 . 2009-05-22 10:42 -------- d-----w- c:\program files\Avira
2009-05-21 14:38 . 2009-05-21 14:38 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-05-13 10:00 . 2009-05-13 09:58 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-13 09:55 . 2009-05-13 09:55 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 03:04 . 2007-07-02 12:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\DMCache
2009-06-07 03:03 . 2008-07-19 19:39 28672 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\NP_IDM5.dll
2009-06-07 03:03 . 2007-12-26 16:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\IDM
2009-06-07 03:03 . 2008-07-19 19:39 28672 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\NP_IDM4.dll
2009-06-07 03:03 . 2008-07-19 19:39 28672 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\NP_IDM3.dll
2009-06-07 03:03 . 2008-07-19 19:39 28672 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\NP_IDM2.dll
2009-06-07 03:03 . 2008-07-19 19:39 28672 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\NP_IDM1.dll
2009-06-07 02:38 . 2008-01-22 15:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-07 02:36 . 2007-11-05 11:04 169936 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ce2j0xdj.default\FlashGot.exe
2009-06-06 16:00 . 2007-07-02 12:16 131112 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-06 02:36 . 2007-12-28 08:44 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-05 12:42 . 2008-03-04 13:00 -------- d-----w- c:\program files\uTorrent
2009-06-04 14:14 . 2008-03-04 13:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-06-04 08:32 . 2008-11-16 10:55 -------- d-----w- c:\program files\Easy RealMedia Tools
2009-05-29 17:41 . 2007-12-26 15:45 -------- d-----w- c:\program files\Internet Download Manager
2009-05-28 12:53 . 2008-06-21 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-27 15:27 . 2007-07-12 16:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-26 15:11 . 2007-12-08 12:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Uniblue
2009-05-26 15:10 . 2007-12-08 12:49 -------- d-----w- c:\program files\Uniblue
2009-05-26 14:55 . 2007-08-05 12:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-24 10:58 . 2009-05-24 10:58 -------- d-----w- c:\program files\Common Files\PCSuite
2009-05-24 10:58 . 2009-05-24 10:57 -------- d-----w- c:\program files\Common Files\Nokia
2009-05-24 10:58 . 2009-05-24 10:57 -------- d-----w- c:\program files\Nokia
2009-05-24 10:57 . 2009-05-24 10:57 -------- d-----w- c:\program files\DIFX
2009-05-24 10:57 . 2009-05-24 10:57 -------- d-----w- c:\program files\PC Connectivity Solution
2009-05-23 15:44 . 2008-04-09 09:26 -------- d-----w- c:\program files\Flash Saver
2009-05-23 15:41 . 2008-06-28 17:23 -------- d-----w- c:\program files\Hazard Shield
2009-05-22 10:42 . 2008-07-18 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-13 09:57 . 2007-08-15 22:49 -------- d-----w- c:\program files\Java
2009-04-12 16:54 . 2009-04-30 11:10 103424 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ce2j0xdj.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-04-12 16:54 . 2009-04-30 11:10 954368 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ce2j0xdj.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-04-12 16:54 . 2009-04-30 11:10 71652 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ce2j0xdj.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
2009-04-12 16:54 . 2009-04-30 11:10 4534272 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ce2j0xdj.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-04-12 16:54 . 2009-04-30 11:10 131868 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ce2j0xdj.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
2009-04-12 16:54 . 2009-04-30 11:09 344064 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ce2j0xdj.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-04-12 16:54 . 2009-04-30 11:10 1161626 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ce2j0xdj.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
2009-04-12 16:54 . 2009-04-30 11:10 65536 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ce2j0xdj.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-29 932864]
"RAMSaverPro"="c:\program files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe" [2007-10-09 155168]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rscmpt"="c:\windows\system32\Rscmpt.exe" [2002-08-22 481792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-13 148888]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-07-13 753664]
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 97357]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-05-22 209153]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Yankee Clipper III.lnk - c:\program files\YCIII\YankClip.exe [2007-12-26 1368064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-8-5 113664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Avant Browser\\avant.exe"=
"c:\\Program Files\\ExtraTools\\ExtraDNS\\ExtraDNS.dll"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18693:TCP"= 18693:TCP:BitComet 18693 TCP
"18693:UDP"= 18693:UDP:BitComet 18693 UDP
"41969:TCP"= 41969:TCP:BitComet 41969 TCP
"41969:UDP"= 41969:UDP:BitComet 41969 UDP
"8641:TCP"= 8641:TCP:BitComet 8641 TCP
"8641:UDP"= 8641:UDP:BitComet 8641 UDP

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [22/05/2009 01:42 م 97480]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [22/05/2009 01:42 م 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [22/05/2009 01:42 م 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22/05/2009 01:42 م 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [22/05/2009 01:42 م 432897]
R2 Uniblue DiskRescue;Uniblue DiskRescue;c:\program files\Uniblue\DiskRescue\UBDiskRescueSrv.exe [10/09/2008 06:22 م 229648]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [22/05/2009 01:42 م 69632]
R3 EL910;3Com 3CSOHO100B-TX PCI;c:\windows\system32\drivers\EL910N51.sys [02/07/2007 02:46 م 38400]
S2 Stormser;Stormser;c:\progra~1\RINGZS~1\STORMC~1\Stormser.exe --> c:\progra~1\RINGZS~1\STORMC~1\Stormser.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - VICHW00
*Deregistered* - VICHW00

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-06-07 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 06:59]

2009-05-26 c:\windows\Tasks\Uniblue DiskRescue 2009.job
- c:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 15:22]

2009-06-07 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 11:44]

2008-10-04 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 11:44]
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Save Flash In This Page by Flash Saver - c:\progra~1\FLASHS~1\save.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ce2j0xdj.default\
FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ce2j0xdj.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ce2j0xdj.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-06-07 06:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):3c,5c,df,29,0f,05,b8,03,c5,e1,2f,fd,5c,47,24,1b,55,3e,81,a5,46,
26,da,59,38,02,37,95,61,41,5a,85,00,93,65,6e,37,23,a5,15,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{d67011e2-1a50-4899-8438-119f18fe0132}]
@Denied: (Full) (Everyone)
"Model"=dword:00000107
"Therad"=dword:0000001a
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(852)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-07 6:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-07 03:07

Pre-Run: 1,083,052,032 bytes free
Post-Run: 1,093,271,552 bytes free

265 --- E O F --- 2009-05-28 12:54


This is the first report ..
The second report will follow after I get back from work, God willing ..
I pray that God grants you success today ..
and every day ..
 
The second report:

SmitFraudFix v2.419

Scan done at 13:04:37.15, Sun 06/07/2009
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: 3Com 3C910 Integrated Fast Ethernet Controller (3CSOHO100B-TX Compatible) - Packet Scheduler Miniport
DNS Server Search Order: 10.0.0.138

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D7592980-0078-4971-86C5-1937B0AFB74A}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D7592980-0078-4971-86C5-1937B0AFB74A}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D7592980-0078-4971-86C5-1937B0AFB74A}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK.2



»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

The HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:09:03, on 07/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Rscmpt] C:\WINDOWS\system32\Rscmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yankee Clipper III.lnk = C:\Program Files\YCIII\YankClip.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Stormser - Unknown owner - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Uniblue DiskRescue - Uniblue - C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe

--
End of file - 7881 bytes
 
Here you go, brother, download this program; God willing, it will help you:

[link hidden by the forum]


And if that does not help:

Right-click My Computer,

then choose
Manage, then Disk Management, and look at the percentage shown and the partitions.

There may be a part of your hard disk that is not defined.

Give it a name and merge it using one of the hard disk partitioning programs.

Good luck



 
Signature: king_man

I think you saw my thread on another forum .. and copied the solutions ..
But the first program did not help .. and I know nothing about the other method ..

I hope anyone who enters this thread will join in, if they have solutions ..
 
Thank you all, my dear friends ...

OK, my friend ... could you produce reports for your brother's machine

HijackThis
+
[link hidden by the forum]

Run the program ==> and click
Do a system scan and save log
After a few moments a report will open in Notepad ==> copy it and paste it in your next reply
 
Praise be to God ..
How lucky I am that Zyzoom has come to my thread ..
Here you go:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47:10, on 07/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Rscmpt] C:\WINDOWS\system32\Rscmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yankee Clipper III.lnk = C:\Program Files\YCIII\YankClip.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Stormser - Unknown owner - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Uniblue DiskRescue - Uniblue - C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe

--
End of file - 7999 bytes
 
A fuller explanation has been added to the first post for those who did not understand ..
 
Thank you ,, and everyone here means well

My friend, are you sure this is your brother's machine??
Because it is the same report as your own machine's

And when exactly did the problem start for you
 
Sorry, sorry ..

Producing a report now ..

I don't know exactly; I only noticed when the disk filled up and the machine asked me to free up space ..
 
Thank you

Please check your private messages inbox
 
This is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:21:22 م, on 07/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] m‘|\ü
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download Video on This Page - C:\Program Files\Gogago\YouTube Video Downloader\IEPage.html
O8 - Extra context menu item: Download Video This Links To - C:\Program Files\Gogago\YouTube Video Downloader\IELink.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Download Video - {7966A32A-5783-4F0B-824C-09077C023080} - C:\Program Files\Gogago\YouTube Video Downloader\IEPage.html
O9 - Extra 'Tools' menuitem: Download Video on This Page - {7966A32A-5783-4F0B-824C-09077C023080} - C:\Program Files\Gogago\YouTube Video Downloader\IEPage.html
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 6685 bytes
 
Tool report:

ComboFix 09-06-06.04 - Maad 06/07/2009 17:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.1013.637 [GMT 3:00]
Running from: c:\documents and settings\Maad\My Documents\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Fonts\PATTERN.ttf
c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 )))))))))))))))))))))))))))))))
.

2009-06-07 14:21 . 2009-06-07 14:21 -------- d-----w- c:\program files\Trend Micro
2009-06-05 15:57 . 2009-06-05 15:57 -------- d-----w- c:\windows\system32\LogFiles
2009-06-05 15:55 . 2009-06-05 15:55 -------- d-----w- c:\windows\speech
2009-06-05 15:54 . 2009-06-05 15:55 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-06-05 15:54 . 2009-06-05 15:54 172032 ------w- c:\windows\Setup1.exe
2009-06-05 15:54 . 2009-06-05 15:54 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-06-05 15:27 . 2009-06-05 15:27 -------- d-----w- c:\documents and settings\Maad\Local Settings\Application Data\Opera
2009-06-05 15:27 . 2009-06-05 15:27 -------- d-----w- c:\program files\Opera
2009-06-05 15:13 . 2009-06-05 15:13 -------- d-----w- c:\program files\CCleaner
2009-05-28 21:35 . 2009-05-28 21:35 -------- d-----w- c:\documents and settings\Maad\Application Data\Jane s Hotel Family Hero
2009-05-21 19:48 . 2009-05-21 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-05-20 20:36 . 2009-05-20 20:36 -------- d-s---w- c:\documents and settings\Maad\UserData
2009-05-12 14:32 . 2009-05-12 14:32 -------- d-----w- c:\windows\Sun
2009-05-11 08:17 . 2009-05-11 10:51 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy2
2009-05-11 08:16 . 2009-05-11 08:16 -------- d-----w- c:\documents and settings\Maad\Application Data\PlayFirst
2009-05-11 08:16 . 2009-05-11 08:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-05-10 19:49 . 2009-05-10 19:49 -------- d-----w- c:\program files\Common Files\Nero
2009-05-10 19:49 . 2009-05-10 19:52 -------- d-----w- c:\program files\Nero 9
2009-05-10 19:47 . 2009-05-12 13:06 -------- d-----w- c:\documents and settings\Maad\Local Settings\Application Data\Adobe
2009-05-10 19:45 . 2009-05-10 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-05-10 19:45 . 2009-05-10 19:45 -------- d-----w- c:\program files\Yahoo!
2009-05-10 19:44 . 2009-05-10 19:44 -------- d-----w- c:\program files\MSN Messenger
2009-05-10 19:44 . 2009-05-10 19:44 -------- d-----w- c:\program files\Gogago
2009-05-10 19:44 . 2008-06-11 07:41 6294528 ----a-w- c:\windows\system32\MioEncoder1.dll
2009-05-10 19:43 . 2009-05-10 19:43 -------- d-----w- c:\program files\Common Files\xing shared
2009-05-10 19:42 . 2009-05-10 19:42 -------- d-----w- c:\program files\Common Files\Real
2009-05-10 19:42 . 2009-05-10 19:43 -------- d-----w- c:\program files\Real
2009-05-10 19:40 . 2009-05-10 19:47 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-10 19:39 . 2009-05-10 19:39 -------- d-----w- c:\program files\Nokia
2009-05-10 19:38 . 2009-06-07 14:27 -------- d-----w- c:\program files\ESET
2009-05-10 19:35 . 2009-05-10 19:35 -------- d-----w- c:\documents and settings\Maad\Local Settings\Application Data\Macromedia
2009-05-10 19:34 . 2009-05-10 19:34 45056 ----a-r- c:\documents and settings\Maad\Application Data\Microsoft\Installer\{91057632-CA70-413C-B628-2D3CDBBB906B}\ARPPRODUCTICON.exe
2009-05-10 19:34 . 2009-05-10 19:34 45056 ----a-r- c:\documents and settings\Maad\Application Data\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
2009-05-10 19:34 . 2009-05-10 19:34 -------- d-----w- c:\windows\system32\QuickTime
2009-05-10 19:34 . 2009-05-10 19:34 -------- d-----w- c:\program files\Common Files\Macromedia
2009-05-10 19:34 . 2009-05-10 19:34 -------- d-----w- c:\program files\Macromedia
2009-05-10 19:33 . 2009-05-10 19:33 -------- d-----w- c:\windows\Downloaded Installations
2009-05-10 19:31 . 2001-01-12 15:04 46352 ----a-w- c:\windows\setdebug.exe
2009-05-10 19:30 . 2009-05-10 19:30 -------- d-----w- c:\program files\Common Files\Java
2009-05-10 19:30 . 2009-05-10 19:30 -------- d-----w- c:\documents and settings\Maad\Local Settings\Application Data\Sun
2009-05-10 19:30 . 2009-05-25 11:42 -------- d-----w- c:\documents and settings\Maad\Local Settings\Application Data\Google
2009-05-10 19:30 . 2009-06-07 14:24 -------- d-----w- c:\program files\FlashGet
2009-05-10 19:29 . 2009-05-10 19:30 -------- d-----w- c:\program files\Google
2009-05-10 19:29 . 2009-05-10 19:29 -------- d-----w- c:\program files\LingvoSoft
2009-05-10 19:24 . 2009-05-10 19:24 -------- d-----w- c:\program files\WinAVI MP4 Converter
2009-05-10 19:23 . 2009-05-10 19:23 -------- d-----w- c:\program files\All Video Converter
2009-05-10 19:23 . 2009-05-10 19:23 -------- d-----w- c:\program files\All To All AudioConvert
2009-05-10 19:23 . 2009-05-10 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-05-10 19:23 . 2009-05-10 19:23 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-05-10 19:23 . 2009-05-10 19:23 -------- d-----w- c:\program files\ACD Systems
2009-05-10 19:22 . 2009-05-10 19:22 -------- d-----w- c:\documents and settings\Maad\Local Settings\Application Data\Downloaded Installations
2009-05-10 19:20 . 2009-05-10 19:20 -------- d-----w- c:\program files\Motorola
2009-05-10 19:20 . 2001-08-17 10:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-05-10 19:20 . 2001-08-17 10:57 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys
2009-05-10 19:20 . 2007-01-29 22:22 196608 ----a-w- c:\windows\system32\sm56co6a.dll
2009-05-10 19:20 . 2007-01-29 22:26 984832 ----a-w- c:\windows\system32\drivers\smserial.sys
2009-05-10 19:20 . 2004-12-29 11:01 73728 ----a-w- c:\windows\system32\sm56co.dll
2009-05-10 19:05 . 2003-06-18 14:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-05-10 19:05 . 2009-05-10 19:05 -------- d-----w- c:\documents and settings\Maad\Application Data\Media Player Classic
2009-05-10 19:05 . 2009-05-10 19:05 -------- d-----w- c:\program files\Microsoft.NET
2009-05-10 19:04 . 2009-05-10 19:04 -------- d-----w- c:\program files\Microsoft Works
2009-05-10 19:04 . 2009-05-10 19:04 -------- d-----w- c:\documents and settings\Maad\Local Settings\Application Data\ACD Systems
2009-05-10 19:04 . 2009-05-10 19:04 -------- d-----w- c:\documents and settings\Maad\Application Data\ACD Systems
2009-05-10 19:04 . 2009-05-10 19:04 -------- d-----w- c:\windows\SHELLNEW
2009-05-10 19:01 . 2009-05-10 19:01 -------- d--h--r- C:\MSOCache
2009-05-10 19:00 . 2008-01-03 14:10 105856 ----a-r- c:\windows\system32\drivers\Rtenicxp.sys
2009-05-10 19:00 . 2009-05-10 19:00 -------- d-----w- c:\windows\OPTIONS
2009-05-10 19:00 . 2009-05-10 19:00 -------- d-----w- c:\documents and settings\Maad\Application Data\InstallShield
2009-05-10 18:58 . 2004-08-03 20:07 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2009-05-10 18:57 . 2008-02-14 09:04 4676096 ------r- c:\windows\system32\drivers\RtkHDAud.sys
2009-05-10 18:57 . 2008-02-13 06:31 16857600 ------r- c:\windows\RTHDCPL.exe
2009-05-10 18:57 . 2007-06-28 08:44 2165760 ------r- c:\windows\MicCal.exe
2009-05-10 18:57 . 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
2009-05-10 18:57 . 2009-05-10 19:00 -------- d-----w- c:\program files\Realtek
2009-05-10 18:57 . 2006-05-04 08:26 2808832 ------r- c:\windows\alcwzrd.exe
2009-05-10 18:57 . 2009-05-10 18:57 315392 ----a-w- c:\windows\HideWin.exe
2009-05-10 18:57 . 2007-07-26 09:09 520192 ------r- c:\windows\RtlExUpd.dll
2009-05-10 18:57 . 2009-05-10 19:33 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-10 18:53 . 2009-05-10 19:45 -------- dc----w- c:\windows\system32\DRVSTORE
2009-05-10 18:53 . 2009-05-10 18:53 -------- d-----w- c:\program files\Intel
2009-05-10 18:53 . 2007-12-12 07:56 53248 ----a-r- c:\windows\system32\CSVer.dll
2009-05-10 18:53 . 2009-05-10 18:53 -------- d-----w- C:\Intel
2009-05-10 18:53 . 2009-05-10 18:53 -------- d-----w- c:\program files\Browser Configuration Utility
2009-05-10 18:53 . 2008-05-02 12:08 146528 ----a-w- c:\windows\system32\dvmurl.dll
2009-05-10 18:53 . 2009-05-10 19:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-10 18:51 . 2009-05-10 18:59 16608 ----a-w- c:\windows\gdrv.sys
2009-05-10 18:49 . 2001-08-23 11:00 1677824 -c--a-w- c:\windows\system32\dllcache\chsbrkr.dll
2009-05-10 18:49 . 2001-08-23 11:00 1677824 ----a-w- c:\windows\system32\chsbrkr.dll
2009-05-10 18:49 . 2001-08-23 11:00 838144 -c--a-w- c:\windows\system32\dllcache\chtbrkr.dll
2009-05-10 18:49 . 2001-08-23 11:00 838144 ----a-w- c:\windows\system32\chtbrkr.dll
2009-05-10 18:49 . 2001-08-23 11:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll
2009-05-10 18:49 . 2001-08-23 11:00 70656 ----a-w- c:\windows\system32\korwbrkr.dll
2009-05-10 18:49 . 2001-08-23 11:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2009-05-10 18:49 . 2001-08-23 11:00 98304 ----a-w- c:\windows\system32\msir3jp.dll
2009-05-10 18:49 . 2001-08-23 11:00 19456 -c--a-w- c:\windows\system32\dllcache\agt0404.dll
2009-05-10 18:49 . 2001-08-23 11:00 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2009-05-10 18:49 . 2001-08-23 11:00 19456 -c--a-w- c:\windows\system32\dllcache\agt0804.dll
2009-05-10 18:46 . 2009-05-10 18:46 -------- d-----w- c:\windows\system32\wbem\MUI
2009-05-10 18:45 . 2003-10-10 12:00 57344 ----a-w- c:\windows\system32\WMErrAra.dll
2009-05-10 18:41 . 2009-05-10 18:41 -------- d-s---w- c:\windows\system32\Microsoft
2009-05-10 18:41 . 2009-05-10 18:41 -------- d-sh--w- c:\documents and settings\LocalService
2009-05-10 18:41 . 2009-05-10 18:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft
2009-05-10 18:21 . 2009-05-10 18:21 -------- d-----w- C:\folder2.0
2009-05-10 18:07 . 2001-08-17 10:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-05-10 18:07 . 2001-08-17 10:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-05-10 17:42 . 2001-08-17 11:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-05-10 17:42 . 2001-08-17 11:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-06 15:22 . 2009-05-10 18:42 195080 ----a-w- c:\documents and settings\Maad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-12 13:22 . 2009-05-12 13:22 495 ---h--w- C:\Program FilesDesktop.ini
2009-05-10 19:42 . 2009-05-10 19:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-10 19:42 . 2009-05-10 19:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-10 19:32 . 2009-05-10 19:32 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-10 19:31 . 2009-05-10 19:31 2232 ----a-w- c:\windows\java\Packages\Data\D75BH3RL.DAT
2009-05-10 19:31 . 2009-05-10 19:31 155995 ----a-w- c:\windows\java\Packages\O7FZNFBF.ZIP
2009-05-10 19:31 . 2009-05-10 19:31 2678 ----a-w- c:\windows\java\Packages\Data\X7LR5JJX.DAT
2009-05-10 19:31 . 2009-05-10 19:31 2678 ----a-w- c:\windows\java\Packages\Data\JZNPJTRL.DAT
2009-05-10 19:31 . 2009-05-10 19:31 2678 ----a-w- c:\windows\java\Packages\Data\B9JRRT3F.DAT
2009-05-10 19:31 . 2009-05-10 19:31 2678 ----a-w- c:\windows\java\Packages\Data\AR9B9BV1.DAT
2009-05-10 19:31 . 2009-05-10 19:31 2678 ----a-w- c:\windows\java\Packages\Data\0F5RTR37.DAT
2009-05-10 19:31 . 2009-05-10 19:30 -------- d-----w- c:\program files\Java
2009-05-10 18:46 . 2009-05-10 07:59 166455 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-10 08:06 . 2009-05-10 08:06 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2009-05-10 08:06 . 2009-05-10 08:06 298104 ----a-w- c:\windows\system32\imon.dll
2009-05-10 08:06 . 2009-05-10 08:06 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2009-05-10 08:01 . 2009-05-10 08:01 -------- d-----w- c:\program files\microsoft frontpage
2009-05-10 07:57 . 2009-05-10 07:57 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-10 07:56 . 2009-05-10 07:56 -------- d-----w- c:\program files\Windows Media Connect 2
.

------- Sigcheck -------

[-] 2006-08-15 23:28 2058368 D20855E9A650415E4F65E0CE249839BD c:\windows\system32\ntkrnlpa.exe

[-] 2007-12-31 14:00 1580544 6E266AAF4168B3569A330C61AB01F6B4 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-11-06 3810544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="m‘|\ü" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2005-11-23 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 638976]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_09\bin\jusched.exe" [2006-09-07 49263]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-10 185896]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-05-10 949376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-02-13 16857600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [10/05/2009 11:06 ص 15424]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Device Detector - DevDetect.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Download Video on This Page - c:\program files\Gogago\YouTube Video Downloader\IEPage.html
IE: Download Video This Links To - c:\program files\Gogago\YouTube Video Downloader\IELink.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{7966A32A-5783-4F0B-824C-09077C023080} - c:\program files\Gogago\YouTube Video Downloader\IEPage.html
LSP: c:\windows\system32\imon.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-06-07 17:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(764)
c:\windows\system32\imon.dll
.
Completion time: 2009-06-07 17:31
ComboFix-quarantined-files.txt 2009-06-07 14:31

Pre-Run: 24,585,543,680 bytes free
Post-Run: 24,726,859,776 bytes free

228
 
Unfortunately, dear Zyzoom, I cannot send you a private message .. because of my low reply count ..
 
Thanks ..

The problem is leftover temporary files that stay on your machine and are not deleted.

To find these files, use the Windows Search feature
with the option to search hidden files + system files enabled,

and set the date filter >>> choose the last month,
and set the size filter >>> choose larger than 1 MB.

Then click Search.
Wait until the list appears and look for the largest file.
Copy its path and post it here along with its size.
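
The search described in the reply above, as an added script that is not part of the original post: it lists files larger than 1 MB modified in the last month, largest first, and goes one step further by totalling them per folder to show where the space is going. The function names, the 30-day reading of "last month" and the sample tree are assumptions made for this example.

```python
import os
import stat
import tempfile
import time
from collections import defaultdict

MB = 1024 * 1024
MIN_SIZE = 1 * MB    # "larger than 1 MB", as in the post
MAX_AGE_DAYS = 30    # "last month", taken here as 30 days (assumption)


def find_recent_large_files(root, min_size=MIN_SIZE, max_age_days=MAX_AGE_DAYS, now=None):
    """Return [(size, mtime, path)] for regular files under root that are larger
    than min_size and were modified within max_age_days, largest first."""
    now = time.time() if now is None else now
    cutoff = now - max_age_days * 86400
    hits = []
    # os.walk lists hidden and system files too, and by default silently
    # skips directories it is not allowed to read.
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)          # lstat: do not follow links
            except OSError:
                continue                     # locked or vanished file
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_size > min_size and st.st_mtime >= cutoff:
                hits.append((st.st_size, st.st_mtime, path))
    hits.sort(reverse=True)
    return hits


def totals_by_directory(hits):
    """Sum the sizes of the hits per parent folder, largest total first."""
    totals = defaultdict(int)
    for size, _mtime, path in hits:
        totals[os.path.dirname(path)] += size
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


def demo():
    """Run the scan over a constructed tree (sample data, not from the thread)."""
    now = time.time()
    samples = [  # (relative path, size in bytes, age in days) - all constructed
        ("Temp/leftover1.tmp", 5 * MB, 2),
        ("Temp/leftover2.tmp", 3 * MB, 10),
        ("Temp/small.tmp", 10 * 1024, 1),      # too small
        ("Docs/old_backup.bak", 8 * MB, 90),   # too old
        ("Docs/video.avi", 2 * MB, 5),
    ]
    with tempfile.TemporaryDirectory() as root:
        for rel, size, age in samples:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.truncate(size)               # set the size without writing data
            mtime = now - age * 86400
            os.utime(path, (mtime, mtime))
        hits = find_recent_large_files(root, now=now)
        names = [os.path.relpath(p, root).replace(os.sep, "/") for _, _, p in hits]
        totals = [(os.path.relpath(d, root), t) for d, t in totals_by_directory(hits)]
        return names, totals


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                      # e.g. python scan.py C:\
        found = find_recent_large_files(sys.argv[1])
        for size, mtime, path in found[:20]:
            day = time.strftime("%Y-%m-%d", time.localtime(mtime))
            print(f"{size / MB:10.1f} MB  {day}  {path}")
        for directory, total in totals_by_directory(found)[:10]:
            print(f"{total / MB:10.1f} MB total in {directory}")
    else:
        print(demo())
```
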
 