طآغي النظرهـ

Peace be upon you, and the mercy and blessings of God.

I have a problem that I have not been able to solve, namely:

As soon as I turn on the computer, a page appears that says "security hard disk", before the computer has started up, of course.

I want a solution to this problem, please. I want to get rid of it completely...

Thank you.
 

Signature: طآغي النظرهـ
Welcome, brother.
Download this program

Run the program ==> and click
Do a system scan and save log
After a few moments a report will appear in Notepad ==> copy it and paste it into your next reply
 
Signature: KoNaMi
I'm very sorry for the delay; my connection dropped out. So, so sorry.
 
Signature: طآغي النظرهـ
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:14:25 ص, on 01/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\PLFSetL.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Paltalk Messenger\palstart.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\DOCUME~1\ALGAZL~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: PalStart.lnk = C:\Program Files\Paltalk Messenger\palstart.exe
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{99A0F407-B2C8-4948-9FE5-FCE0020E59C4}: NameServer = 192.168.1.1
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

--
End of file - 5691 bytes
 
Signature: طآغي النظرهـ
Disable your protection programs
then
download the following tool and save it to the desktop

When you run it, a message will appear; click >> Yes
After that a second message will appear; click >> Yes
The computer may restart during the scan
After the restart, the tool will start scanning a second time
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears, then copy it and paste it into your next post
 
Signature: AbOdy
ComboFix 09-07-31.04 - ALGAZLAH HACKER 08/01/2009 8:43.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.1978.1448 [GMT 3:00]
Running from: c:\documents and settings\ALGAZLAH HACKER\سطح المكتب\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000003_.tmp.dll
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\Desktop_.ini

.
((((((((((((((((((((((((( Files Created from 2009-07-01 to 2009-08-01 )))))))))))))))))))))))))))))))
.

2009-08-01 05:14 . 2009-08-01 05:14 -------- d-----w- c:\program files\Trend Micro
2009-08-01 04:40 . 2009-08-01 04:47 -------- d-----w- c:\documents and settings\ALGAZLAH HACKER\Application Data\Passware
2009-08-01 04:38 . 2009-08-01 04:47 -------- d-----w- c:\windows\LastGood
2009-08-01 04:14 . 2009-08-01 04:14 -------- d-----w- c:\documents and settings\ALGAZLAH HACKER\Local Settings\Application Data\DFX
2009-08-01 03:57 . 2009-08-01 03:57 -------- d-----w- c:\documents and settings\ALGAZLAH HACKER\Local Settings\Application Data\Help
2009-08-01 03:41 . 2006-03-17 00:38 28672 ------w- c:\windows\system32\verclsid.exe
2009-08-01 03:38 . 2009-08-01 03:38 -------- d-----w- c:\program files\No-IP
2009-08-01 03:25 . 2009-08-01 03:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-08-01 03:16 . 2009-08-01 03:16 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-01 03:14 . 2009-08-01 03:14 -------- d-sh--w- c:\documents and settings\ALGAZLAH HACKER\IETldCache
2009-08-01 03:08 . 1998-10-29 13:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-08-01 03:08 . 2009-08-01 03:08 -------- d-----w- c:\program files\AskBarDis
2009-08-01 03:07 . 2009-08-01 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DFX
2009-08-01 03:07 . 2009-08-01 03:07 -------- d-----w- c:\program files\DFX
2009-08-01 03:07 . 2009-08-01 03:07 -------- d-----w- c:\program files\Common Files\DFX
2009-08-01 03:07 . 2009-08-01 03:07 818 ----a-w- c:\windows\unins000.dat
2009-08-01 03:07 . 2009-08-01 03:07 686858 ----a-w- c:\windows\unins000.exe
2009-08-01 03:05 . 2009-08-01 03:05 -------- d-----w- c:\program files\Common Files\xing shared
2009-08-01 03:05 . 2009-08-01 03:05 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-08-01 03:05 . 2009-08-01 03:05 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-01 03:05 . 2009-08-01 03:05 -------- d-----w- c:\program files\Common Files\Real
2009-08-01 03:05 . 2009-08-01 03:05 -------- d-----w- c:\program files\Real
2009-08-01 02:48 . 2009-07-19 15:43 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-08-01 02:48 . 2009-07-03 16:55 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-01 02:48 . 2009-07-03 16:55 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-01 02:48 . 2009-07-03 16:55 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-01 02:48 . 2009-07-03 16:55 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-08-01 02:48 . 2009-07-03 16:55 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-01 02:48 . 2009-08-01 02:48 -------- d-----w- c:\windows\ie8updates
2009-08-01 02:48 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-08-01 02:46 . 2009-08-01 02:47 -------- d-----w- c:\windows\system32\ar-SA
2009-08-01 02:46 . 2009-08-01 02:47 -------- dc-h--w- c:\windows\ie8
2009-08-01 02:19 . 2009-08-01 02:19 -------- d-----w- c:\documents and settings\ALGAZLAH HACKER\Local Settings\Application Data\Identities
2009-08-01 02:17 . 2009-08-01 02:17 112144 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\X86\kl1.sys
2009-08-01 02:17 . 2009-08-01 02:17 25104 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ushata.dll
2009-08-01 02:16 . 2009-08-01 02:17 772624 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\updater.dll
2009-08-01 02:16 . 2009-08-01 02:16 150032 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\diffs.dll
2009-08-01 02:16 . 2009-08-01 02:16 354832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ckahum.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-01 05:47 . 2009-07-31 23:37 -------- d-----w- c:\documents and settings\ALGAZLAH HACKER\Application Data\DMCache
2009-08-01 05:47 . 2009-08-01 00:20 130848 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-08-01 05:46 . 2009-08-01 00:20 1560864 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-01 05:28 . 2009-07-31 23:35 -------- d-----w- c:\documents and settings\ALGAZLAH HACKER\Application Data\Paltalk
2009-08-01 05:26 . 2009-07-31 23:35 -------- d-----w- c:\program files\Paltalk Messenger
2009-08-01 04:37 . 2001-09-19 12:00 40180 ----a-w- c:\windows\system32\perfc001.dat
2009-08-01 04:37 . 2001-09-19 12:00 251750 ----a-w- c:\windows\system32\perfh001.dat
2009-08-01 04:36 . 2009-07-31 23:37 -------- d-----w- c:\documents and settings\ALGAZLAH HACKER\Application Data\IDM
2009-08-01 04:34 . 2009-07-31 23:33 -------- d-----w- c:\documents and settings\ALGAZLAH HACKER\Application Data\shimmedia
2009-08-01 04:34 . 2009-08-01 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-08-01 04:33 . 2009-07-31 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Poll Copy Size Bin
2009-08-01 04:32 . 2009-08-01 00:20 24020 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-01 04:32 . 2009-08-01 00:20 13112 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-08-01 02:17 . 2007-10-31 10:41 112144 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-08-01 02:17 . 2009-08-01 00:20 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-08-01 02:17 . 2009-08-01 00:20 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-08-01 01:35 . 2009-08-01 01:35 198064 ----a-w- c:\documents and settings\ALGAZLAH HACKER\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-08-01 01:26 . 2009-08-01 01:26 6345 ----a-w- c:\program files\un_Internet Download Manager_16575.txt
2009-08-01 01:26 . 2009-07-31 23:37 -------- d-----w- c:\program files\Internet Download Manager
2009-08-01 00:20 . 2009-08-01 00:20 -------- d-----w- c:\program files\Kaspersky Lab
2009-08-01 00:17 . 2009-08-01 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-31 23:41 . 2009-07-31 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-07-31 23:36 . 2009-07-31 23:36 0 ----a-w- c:\windows\nsreg.dat
2009-07-31 23:34 . 2009-07-31 23:33 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-07-31 23:33 . 2009-07-31 23:33 -------- d-----w- c:\program files\shimmedia
2009-07-31 23:33 . 2009-07-31 23:33 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-07-31 23:33 . 2009-07-31 23:33 172032 ------w- c:\windows\Setup1.exe
2009-07-31 23:33 . 2009-07-31 23:33 -------- d-----w- c:\program files\Circle Developement
2009-07-31 23:33 . 2009-07-31 23:33 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-31 23:33 . 2009-07-31 23:33 -------- d-----w- c:\program files\Windows Live
2009-07-31 23:33 . 2009-07-31 23:32 -------- d-----w- c:\program files\MSN Messenger
2009-07-31 23:33 . 2009-07-31 22:57 110912 ----a-w- c:\documents and settings\ALGAZLAH HACKER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-31 22:55 . 2009-07-31 22:55 -------- d-----w- c:\program files\Intel
2009-07-31 22:51 . 2009-07-31 22:51 -------- d-----w- c:\program files\Realtek
2009-07-31 22:51 . 2009-07-31 22:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-31 22:50 . 2009-07-31 22:49 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-31 22:49 . 2009-07-31 22:49 -------- d-----w- c:\program files\Synaptics
2009-07-31 22:49 . 2009-07-31 22:49 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-07-31 22:49 . 2009-07-31 22:49 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-31 22:48 . 2009-07-31 22:48 -------- d-----w- c:\program files\Apoint2K
2009-07-31 22:48 . 2009-07-31 22:48 -------- d-----w- c:\program files\Launch Manager
2009-07-31 22:46 . 2009-07-31 22:44 -------- d-----w- c:\program files\Broadcom
2009-07-31 22:43 . 2009-07-31 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Broadcom
2009-07-31 22:43 . 2009-07-31 22:43 -------- d-----w- c:\program files\Atheros
2009-07-31 22:43 . 2009-07-31 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros
2009-07-31 22:42 . 2009-07-31 22:42 -------- d-----w- c:\program files\Common Files\SNP2UVC
2009-07-31 22:42 . 2009-07-31 22:42 -------- d-----w- c:\documents and settings\ALGAZLAH HACKER\Application Data\InstallShield
2009-07-31 22:41 . 2009-07-31 22:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-31 22:34 . 2009-07-31 22:34 -------- d-----w- c:\program files\microsoft frontpage
2009-07-31 22:33 . 2009-07-31 22:33 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-31 22:31 . 2009-07-31 22:31 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-03 16:55 . 2004-08-03 21:55 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:00 . 2009-06-26 16:00 81920 ------w- c:\windows\system32\ieencode.dll
2009-06-16 14:53 . 2004-08-03 21:55 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:53 . 2001-09-19 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:25 . 2004-08-03 21:55 1288704 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:42 . 2004-08-03 21:55 344064 ----a-w- c:\windows\system32\localspl.dll
2008-09-28 19:00 . 2009-08-01 01:26 439440 ----a-w- c:\program files\un_Internet Download Manager_16575.exe
2008-07-03 02:02 . 2009-07-31 23:36 134144 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 15:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-04-03 2794928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-01-17 862728]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1032192]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-27 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-27 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-27 150040]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-01 198160]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-01-13 18084864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-6-30 11536384]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15963:TCP"= 15963:TCP:Turkojan 4.0
"15963:UDP"= 15963:UDP:Turkojan 4.0

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/12/2007 01:28 م 24592]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [01/08/2009 01:50 ص 38912]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [01/08/2009 01:48 ص 26144]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [01/08/2009 01:51 ص 1684736]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - APPMGMT

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
TCP: {99A0F407-B2C8-4948-9FE5-FCE0020E59C4} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\ALGAZLAH HACKER\Application Data\Mozilla\Firefox\Profiles\zae4ldyu.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13812&gct=&gc=1&q=
FF - component: c:\documents and settings\ALGAZLAH HACKER\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-08-01 08:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1096)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(1152)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll
.
Completion time: 2009-08-01 8:48
ComboFix-quarantined-files.txt 2009-08-01 05:48

Pre-Run: 44,720,975,872 bytes free
Post-Run: 44,776,689,664 bytes free

213 --- E O F --- 2009-08-01 04:48
 
Signature: طآغي النظرهـ
A new HijackThis log, please ..
 
Signature: KoNaMi
Bear with me, brothers, the connection is not working properly. Very sorry for the delay, I am really, really sorry.
 
Signature: طآغي النظرهـ
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:00:13 ص, on 02/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\PLFSetL.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\WINDOWS\system32\igfxext.exe
C:\DOCUME~1\ALGAZL~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{99A0F407-B2C8-4948-9FE5-FCE0020E59C4}: NameServer = 192.168.1.1
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe

--
End of file - 6078 bytes
 
Signature: طآغي النظرهـ
Where did you all go? Please, hurry up and give me the solution.
 
Signature: طآغي النظرهـ