Thread starter: mbcmbc2007

Brothers, when I click on Explorer from the desktop nothing appears, as if I were not connected to the net, but when I open a previously saved page it works. Download programs do not work either. Note that the machine does not contain any virus, because I reinstalled it without any error, since, thank God, I know formatting very well. So is the problem on my side or with the service provider itself? I ask the experts for help, and you have all my affection and respect.
 

( 1 )

Disable all protection programs,
then download this tool and save it to the desktop.

When you run it, a message will appear; click >> Yes
After that a second message will appear; click >> Yes

Wait until the tool finishes scanning your machine; your machine will then restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.

--------------------------------------------


( 2 )


Then make a HijackThis report




When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments a report will appear; copy it and paste it in your next reply.
 
A thousand thanks, and God willing I am not wearing you out, my dear teacher, and a thousand greetings to you from me.
In a little while I will attach the reports for you, and I am grateful to you.
 
ComboFix 08-05-01.3 - ali 05/04/2008 22:26:06.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.633 [GMT 4.5:30]
Running from: G:\kaspr_FINL_H5N1\kasper7.1.321حدث شي\هلا بك اخي الكريم سارفع لك اداه لاصلاح اخطاء الاكسبلورر\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\artools.dll
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\winitn.dll
H:\Multiple File Copy.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 17:40 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-04 17:40 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-04 17:40 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-04 17:40 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-04 15:32 --------- d-----w C:\Program Files\Internet Download Manager
2008-05-04 15:32 --------- d-----w C:\Documents and Settings\ali\Application Data\IDM
2008-05-04 15:32 --------- d-----w C:\Documents and Settings\ali\Application Data\DMCache
2008-05-04 14:05 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-04 13:00 --------- d-----w C:\Program Files\MP3Gain
2008-05-04 12:00 --------- d-----w C:\Program Files\USB Game Controller
2008-05-04 11:53 --------- d-----w C:\Program Files\WIDCOMM
2008-05-04 11:18 --------- d-----w C:\Program Files\AnMing
2008-05-04 11:16 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-05-04 11:16 --------- d-----w C:\Program Files\Common Files\Nokia
2008-05-04 11:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-04 11:16 --------- d-----w C:\Documents and Settings\ali\Application Data\Nokia
2008-05-04 11:15 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-05-04 11:15 --------- d-----w C:\Program Files\DIFX
2008-05-04 11:15 --------- d-----w C:\Documents and Settings\ali\Application Data\PC Suite
2008-05-04 11:14 --------- d-----w C:\Program Files\Nokia
2008-05-04 11:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-05-04 10:44 --------- d-----w C:\Documents and Settings\ali\Application Data\Media Player Classic
2008-05-04 10:42 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-04 10:42 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-04 10:42 --------- d-----w C:\Program Files\Real
2008-05-04 10:42 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-04 10:42 --------- d-----w C:\Program Files\Common Files\Real
2008-05-04 10:12 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-04 10:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-04 10:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-04 10:06 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-04 10:06 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-04 10:03 --------- d-----w C:\Program Files\D-Link
2008-05-04 10:03 --------- d-----w C:\Program Files\ANI
2008-05-04 09:56 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-04 09:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-04 09:56 --------- d-----w C:\Program Files\Realtek
2008-05-04 09:56 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-04 09:38 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-04 09:36 --------- d-----w C:\Program Files\MSN Messenger
2008-05-04 09:26 --------- d-----w C:\Program Files\Real_SC
2008-05-04 09:20 --------- d-----w C:\Program Files\QuickTime
2008-05-04 09:19 --------- d-----w C:\Program Files\Xilisoft
2008-05-04 09:15 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-05-04 09:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-04 09:15 --------- d-----w C:\Documents and Settings\ali\Application Data\URSoft
2008-05-04 09:14 --------- d-----w C:\Program Files\Google
2008-05-04 09:14 --------- d-----w C:\Program Files\FlashGet
2008-05-04 09:12 --------- d-----w C:\Program Files\WinASO
2008-05-04 09:10 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-04 08:58 --------- d-----w C:\Program Files\Java
2008-05-04 08:58 --------- d-----w C:\Program Files\Common Files\Java
2008-05-04 08:55 --------- d-----w C:\Documents and Settings\ali\Application Data\Ahead
2008-05-04 08:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-05-04 08:52 --------- d-----w C:\Program Files\Nero
2008-05-04 08:52 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-04 07:59 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-04 07:58 --------- d-----w C:\Program Files\TUGZip
2008-05-04 07:58 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-05-04 07:53 --------- d-----w C:\Program Files\System
2008-05-04 07:53 --------- d-----w C:\Program Files\RocketDock
2008-02-15 15:12 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll
.
------- Sigcheck -------
10/11/2007 07:53 PM 577536 8f4e17963c680b3f705215487fad9c88 C:\WINDOWS\system32\user32.dll
10/07/2007 03:59 AM 2227584 9140f8cde80c7ab687b10f3e402625d7 C:\WINDOWS\system32\ntkrnlpa.exe
10/09/2007 08:15 AM 2364032 ccbd7abf57f5d99a6544bfd7403ed2c8 C:\WINDOWS\system32\ntoskrnl.exe
10/02/2007 05:19 PM 1844736 923a7a6a68f3428123c20970d57c55e3 C:\WINDOWS\explorer.exe
09/27/2007 04:10 PM 40448 e00dfa816fa5521eb44c5d63109de2a9 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [09/27/2007 04:10 PM 40448]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [05/04/2008 01:44 PM 171448]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [04/29/2008 11:54 PM 929200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaDrive"="C:\WINDOWS\VistaDrive\VistaDrive.exe" [10/05/2006 08:56 PM 280779]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11/07/2007 03:30 AM 8523776]
"nwiz"="nwiz.exe" [11/07/2007 03:30 AM 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [11/07/2007 03:30 AM 81920]
"RTHDCPL"="RTHDCPL.EXE" [10/16/2007 03:00 PM 16855552 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [10/11/2007 07:34 AM 1826816 C:\WINDOWS\SkyTel.exe]
"D-Link AirPlus XtremeG"="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [06/16/2006 10:24 AM 1323008]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [06/01/2006 04:59 PM 49152]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [12/18/2007 12:43 AM 227856]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [09/25/2007 12:40 PM 2007088]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/04/2008 03:12 PM 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [09/27/2007 04:10 PM 40448]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [ ]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [03/27/2007 03:58 PM 1744896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [10/07/2007 02:45 AM 124928 C:\WINDOWS\system32\advpack.dll]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-10-09 01:16:54 610365]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 02/12/2007 12:19 PM 1050112 C:\Program Files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 01/19/2007 12:54 PM 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 01/12/2006 03:40 PM 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 03/23/2007 01:20 PM 227328 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Resume copy]
--a------ 09/24/2007 09:29 PM 46080 C:\WINDOWS\copyfstq.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
C:\Program Files\RocketDock\RocketDock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 02/12/2007 12:23 PM 1620480 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 05/04/2008 01:44 PM 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 05/04/2008 03:12 PM 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [05/11/2006 01:11 PM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [12/13/2007 01:28 PM]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-05-04 22:29:03
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 05/04/2008 22:30:07
ComboFix-quarantined-files.txt 2008-05-04 18:00:06
Pre-Run: 14,092,107,776 bytes free
Post-Run: 14,101,544,960 bytes free
171
This is the first report from the first tool, but the machine did not restart.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:40 م, on 04/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
G:\kaspr_FINL_H5N1\الانترنت اكسبلورر 7 نسخه نهائيه ) شرح بالصور ( تركيب + اعدادات خاصه للغة العربيه )\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8037 bytes

And this is the HijackThis report, my dear teacher. I am waiting for your help; my tongue cannot express my thanks and gratitude. May God bless your life.
 
ComboFix 08-05-01.3 - ali 05/04/2008 22:47:21.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.629 [GMT 4.5:30]
Running from: C:\Documents and Settings\ali\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 17:40 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-04 17:40 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-04 17:40 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-04 17:40 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-04 15:32 --------- d-----w C:\Program Files\Internet Download Manager
2008-05-04 15:32 --------- d-----w C:\Documents and Settings\ali\Application Data\IDM
2008-05-04 15:32 --------- d-----w C:\Documents and Settings\ali\Application Data\DMCache
2008-05-04 14:05 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-04 13:00 --------- d-----w C:\Program Files\MP3Gain
2008-05-04 12:00 --------- d-----w C:\Program Files\USB Game Controller
2008-05-04 11:53 --------- d-----w C:\Program Files\WIDCOMM
2008-05-04 11:18 --------- d-----w C:\Program Files\AnMing
2008-05-04 11:16 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-05-04 11:16 --------- d-----w C:\Program Files\Common Files\Nokia
2008-05-04 11:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-04 11:16 --------- d-----w C:\Documents and Settings\ali\Application Data\Nokia
2008-05-04 11:15 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-05-04 11:15 --------- d-----w C:\Program Files\DIFX
2008-05-04 11:15 --------- d-----w C:\Documents and Settings\ali\Application Data\PC Suite
2008-05-04 11:14 --------- d-----w C:\Program Files\Nokia
2008-05-04 11:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-05-04 10:44 --------- d-----w C:\Documents and Settings\ali\Application Data\Media Player Classic
2008-05-04 10:42 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-04 10:42 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-04 10:42 --------- d-----w C:\Program Files\Real
2008-05-04 10:42 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-04 10:42 --------- d-----w C:\Program Files\Common Files\Real
2008-05-04 10:12 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-04 10:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-04 10:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-04 10:06 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-04 10:06 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-04 10:03 --------- d-----w C:\Program Files\D-Link
2008-05-04 10:03 --------- d-----w C:\Program Files\ANI
2008-05-04 09:56 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-04 09:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-04 09:56 --------- d-----w C:\Program Files\Realtek
2008-05-04 09:56 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-04 09:38 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-04 09:36 --------- d-----w C:\Program Files\MSN Messenger
2008-05-04 09:26 --------- d-----w C:\Program Files\Real_SC
2008-05-04 09:20 --------- d-----w C:\Program Files\QuickTime
2008-05-04 09:19 --------- d-----w C:\Program Files\Xilisoft
2008-05-04 09:15 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-05-04 09:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-04 09:15 --------- d-----w C:\Documents and Settings\ali\Application Data\URSoft
2008-05-04 09:14 --------- d-----w C:\Program Files\Google
2008-05-04 09:14 --------- d-----w C:\Program Files\FlashGet
2008-05-04 09:12 --------- d-----w C:\Program Files\WinASO
2008-05-04 09:10 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-04 08:58 --------- d-----w C:\Program Files\Java
2008-05-04 08:58 --------- d-----w C:\Program Files\Common Files\Java
2008-05-04 08:55 --------- d-----w C:\Documents and Settings\ali\Application Data\Ahead
2008-05-04 08:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-05-04 08:52 --------- d-----w C:\Program Files\Nero
2008-05-04 08:52 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-04 07:59 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-04 07:58 --------- d-----w C:\Program Files\TUGZip
2008-05-04 07:58 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-05-04 07:53 --------- d-----w C:\Program Files\System
2008-05-04 07:53 --------- d-----w C:\Program Files\RocketDock
2008-02-15 15:12 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll
.
------- Sigcheck -------
10/11/2007 07:53 PM 577536 8f4e17963c680b3f705215487fad9c88 C:\WINDOWS\system32\user32.dll
10/07/2007 03:59 AM 2227584 9140f8cde80c7ab687b10f3e402625d7 C:\WINDOWS\system32\ntkrnlpa.exe
10/09/2007 08:15 AM 2364032 ccbd7abf57f5d99a6544bfd7403ed2c8 C:\WINDOWS\system32\ntoskrnl.exe
10/02/2007 05:19 PM 1844736 923a7a6a68f3428123c20970d57c55e3 C:\WINDOWS\explorer.exe
09/27/2007 04:10 PM 40448 e00dfa816fa5521eb44c5d63109de2a9 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [09/27/2007 04:10 PM 40448]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [05/04/2008 01:44 PM 171448]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [04/29/2008 11:54 PM 929200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaDrive"="C:\WINDOWS\VistaDrive\VistaDrive.exe" [10/05/2006 08:56 PM 280779]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11/07/2007 03:30 AM 8523776]
"nwiz"="nwiz.exe" [11/07/2007 03:30 AM 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [11/07/2007 03:30 AM 81920]
"RTHDCPL"="RTHDCPL.EXE" [10/16/2007 03:00 PM 16855552 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [10/11/2007 07:34 AM 1826816 C:\WINDOWS\SkyTel.exe]
"D-Link AirPlus XtremeG"="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [06/16/2006 10:24 AM 1323008]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [06/01/2006 04:59 PM 49152]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [12/18/2007 12:43 AM 227856]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [09/25/2007 12:40 PM 2007088]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/04/2008 03:12 PM 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [09/27/2007 04:10 PM 40448]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [ ]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [03/27/2007 03:58 PM 1744896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [10/07/2007 02:45 AM 124928 C:\WINDOWS\system32\advpack.dll]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-10-09 01:16:54 610365]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 02/12/2007 12:19 PM 1050112 C:\Program Files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 01/19/2007 12:54 PM 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 01/12/2006 03:40 PM 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 03/23/2007 01:20 PM 227328 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Resume copy]
--a------ 09/24/2007 09:29 PM 46080 C:\WINDOWS\copyfstq.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
C:\Program Files\RocketDock\RocketDock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 02/12/2007 12:23 PM 1620480 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 05/04/2008 01:44 PM 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 05/04/2008 03:12 PM 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [05/11/2006 01:11 PM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [12/13/2007 01:28 PM]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-05-04 22:49:23
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 05/04/2008 22:50:33
ComboFix-quarantined-files.txt 2008-05-04 18:20:32
ComboFix2.txt 2008-05-04 18:00:10
Pre-Run: 14,104,231,936 bytes free
Post-Run: 14,097,334,272 bytes free
164


Sorry, my dear teacher, for the first report I had not copied the tool to the desktop. Please excuse me, I am very sorry.
 
May God bless you and keep you safe.



Close the internet browser.
Using the HijackThis program that you made the report with,
run a new scan, tick these entries >>> and click Fix Checked


O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')


O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')


O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')


O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')



And this is an illustration of the process (( the values are not real, they are only for illustration ))
wh_28637394.png
 
After the above,
restart your machine

and see whether the problem is still there or has gone.
 