مشكله فى التحميل

[Ratio]

السلام عليكم

اخوانى لدي مشكله غريبه جدا , وهي ..

عند تحميل أي شي من منتدى أو موقع أو حتى من موقع ميكروسوفت أو أي ملف يعطينى Error
حتى التحديث للحمايه يعطى Error ولا يتم التحديث ( مشكله غريبه ) !
فأتمنى الحل بارك الله فيكم

 

[Ratio]

ملاحظه بارك الله فيكم : عند التحميل من موقع رابيد شير أو 4shared لا يوجد أي مشاكل فى التحميل !

ولكن من مواقع وتحديث من برامج يعنطينى Error

 

[samirzehani]

1
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم

 

[Ratio]

اسف جدا عالتاخير ...

سوف اعمل بطريقتك الان , بارك الله فيك

 

[Ratio]

التقرير ...


ComboFix 08-12-07.04 - Administrator 2008-12-09 18:35:49.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.965.1033.18.275 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\autorun.inf
c:\docume~1\ADMINI~1\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\ADMINI~1\LOCALS~1\Temp\tmp2.tmp
C:\resycled
c:\resycled\boot.com
c:\windows\Temp\tmp3.tmp
D:\Autorun.inf
D:\resycled
d:\resycled\boot.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NETCOM3
-------\Service_Netcom3

((((((((((((((((((((((((( Files Created from 2008-11-09 to 2008-12-09 )))))))))))))))))))))))))))))))
.
2008-12-09 00:47 . 2008-12-09 00:47 96,645 --a------ c:\windows\system32\drivers\klin.dat
2008-12-09 00:47 . 2008-12-09 00:47 87,941 --a------ c:\windows\system32\drivers\klick.dat
2008-12-09 00:46 . 2008-12-09 00:46 <DIR> d-------- c:\program files\Kaspersky Lab
2008-12-09 00:46 . 2008-12-09 18:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-08 02:30 . 2008-12-08 02:30 <DIR> d--hs---- c:\documents and settings\Administrator\PrivacIE
2008-12-08 02:16 . 2007-08-13 18:45 78,336 --a------ c:\windows\system32\ieencode.dll
2008-12-08 02:16 . 2007-08-13 18:45 78,336 --a--c--- c:\windows\system32\dllcache\ieencode.dll
2008-12-08 00:36 . 2008-12-08 00:45 <DIR> d-------- c:\documents and settings\Administrator\.housecall6.6
2008-12-07 16:07 . 2008-12-08 11:46 27,904 --a------ c:\windows\system32\drivers\Ndisprot.sys
2008-12-07 00:30 . 2008-12-07 00:30 32,160 --ah----- c:\windows\system32\mlfcache.dat
2008-12-07 00:28 . 2008-12-07 00:28 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2008-12-07 00:27 . 2008-12-07 00:27 <DIR> d-------- c:\program files\Safari
2008-12-06 00:59 . 2008-12-06 00:59 <DIR> d-------- c:\program files\Opera
2008-12-05 14:37 . 2008-12-06 12:36 <DIR> d-------- c:\program files\Microsoft IEAK 7
2008-12-05 14:37 . 2008-12-05 14:37 <DIR> d--h----- C:\msdownld.tmp
2008-12-05 14:37 . 2008-12-05 14:37 <DIR> d-------- C:\builds
2008-12-04 19:51 . 2008-12-08 23:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\_comodo_
2008-12-04 12:31 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-03 10:53 . 2008-12-03 10:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2008-12-03 10:51 . 2008-12-03 12:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2008-12-03 10:50 . 2008-12-03 10:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-12-02 21:14 . 2008-12-02 21:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-30 18:46 . 2008-12-08 21:45 153 --a------ c:\windows\cavscan.INI
2008-11-30 15:56 . 2008-11-30 16:09 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-11-29 11:09 . 2008-11-29 11:09 <DIR> d-------- c:\windows\system32\XPSViewer
2008-11-29 11:09 . 2008-11-29 11:09 <DIR> d-------- c:\program files\Reference Assemblies
2008-11-29 11:09 . 2008-11-29 11:09 <DIR> d-------- c:\program files\MSBuild
2008-11-29 11:07 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-11-29 10:59 . 2008-11-29 10:59 <DIR> d-------- c:\program files\MSXML 6.0
2008-11-27 15:23 . 2008-11-27 15:23 <DIR> d-------- C:\scscc20
2008-11-26 13:02 . 2008-12-09 11:37 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-11-26 12:43 . 2007-03-29 15:56 7,168 -----c--- c:\windows\system32\dllcache\bitsprx4.dll
2008-11-26 12:43 . 2007-03-29 15:56 7,168 --------- c:\windows\system32\bitsprx4.dll
2008-11-25 16:56 . 2008-11-25 17:51 0 --a------ C:\IAX_OUT.DAT
2008-11-25 16:56 . 2008-11-25 17:51 0 --a------ C:\IAX_IN.DAT
2008-11-25 02:50 . 2008-11-25 02:50 <DIR> d-------- c:\program files\Zone Labs(3)
2008-11-25 02:28 . 2007-10-04 17:14 136,260 --a------ c:\windows\system32\nvapps.nvb
2008-11-24 16:19 . 2008-11-24 16:19 <DIR> d-------- c:\program files\HD Tune
2008-11-23 22:50 . 2004-08-03 22:56 96,768 --a--c--- c:\windows\system32\dllcache\dpcdll.dll
2008-11-23 22:39 . 2006-12-29 00:31 19,569 --a------ c:\windows\002856_.tmp
2008-11-23 22:36 . 2004-08-03 20:33 4,190,352 --a--c--- c:\windows\system32\dllcache\luna.mst
2008-11-23 22:35 . 2004-08-03 22:56 8,384,000 --a------ c:\windows\system32\SET5DA.tmp
2008-11-22 23:56 . 2008-12-01 22:36 <DIR> d-------- c:\windows\system32\ZoneLabs
2008-11-20 16:42 . 2001-08-17 13:57 16,128 --a------ c:\windows\system32\drivers\MODEMCSA.sys
2008-11-20 16:42 . 2001-08-17 13:57 16,128 --a--c--- c:\windows\system32\dllcache\modemcsa.sys
2008-11-20 16:41 . 2008-11-20 16:41 <DIR> d-------- c:\program files\CONEXANT
2008-11-12 16:31 . 2008-10-24 14:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 16:30 . 2008-09-04 19:42 1,106,944 --a--c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 04:53 . 2004-04-27 04:40 11,264 --a------ c:\windows\system32\SpOrder.dll
2008-11-10 19:42 . 2008-12-01 20:49 1,720 --a------ C:\rollback.ini
2008-11-10 19:00 . 2008-11-10 23:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2008-11-10 19:00 . 2008-12-01 20:13 4,212 ---h----- c:\windows\system32\zllictbl.dat
2008-11-10 16:58 . 2008-11-12 03:34 <DIR> d-------- c:\documents and settings\Administrator\Downloads
2008-11-10 16:50 . 2008-11-20 17:48 732,200 --a------ C:\WindowsXP-KB943232-x86-ENU.exe
2008-11-10 15:47 . 2008-12-01 22:36 <DIR> d-------- c:\windows\Internet Logs
2008-11-10 15:15 . 2008-11-23 23:23 <DIR> d-------- c:\program files\CheckPoint
2008-11-10 15:15 . 2008-11-24 13:03 <DIR> d-------- c:\documents and settings\Administrator\Application Data\CheckPoint
2008-11-10 15:15 . 2008-11-14 00:04 224 --a------ c:\windows\system32\lkfl.dat
2008-11-10 15:15 . 2008-11-24 13:03 96 --a------ c:\windows\system32\pdfl.dat
2008-11-10 15:15 . 2008-11-10 15:15 80 --a------ c:\windows\system32\ibfl.dat
2008-11-09 08:57 . 2008-11-09 08:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\GRETECH
2008-11-09 08:57 . 2008-11-09 08:57 <DIR> d-------- c:\documents and settings\Administrator\Application Data\GRETECH
2008-11-09 08:56 . 2008-11-09 08:56 <DIR> d-------- c:\program files\GRETECH
2008-11-09 08:17 . 2008-11-09 08:46 <DIR> d-------- c:\documents and settings\Administrator\Application Data\TigerPlayer
2008-11-09 01:15 . 2006-12-28 22:01 19,569 --a------ c:\windows\002859_.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 22:38 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-06 10:17 --------- d-----w c:\program files\COMODO
2008-12-06 10:16 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2008-12-04 16:42 --------- d-----w c:\documents and settings\Administrator\Application Data\mIRC
2008-12-04 14:51 --------- d-----w c:\program files\mIRC
2008-12-03 15:46 --------- d-----w c:\documents and settings\All Users\Application Data\Webroot
2008-12-03 15:46 --------- d-----w c:\documents and settings\Administrator\Application Data\Webroot
2008-12-03 14:51 164 ----a-w C:\install.dat
2008-12-02 19:13 249,592 ----a-w c:\windows\system32\cssdll32.dll
2008-11-26 10:41 --------- d-----w c:\program files\Common Files\Adobe
2008-11-10 12:51 --------- d-----w c:\program files\F-Secure Internet Security
2008-11-10 12:09 --------- d-----w c:\documents and settings\All Users\Application Data\f-secure
2008-11-09 05:13 --------- d-----w c:\program files\MpcStar
2008-11-08 11:50 --------- d-----w c:\documents and settings\All Users\Application Data\fssg
2008-11-08 11:50 --------- d-----w c:\documents and settings\Administrator\Application Data\Comodo
2008-11-07 06:22 --------- d-----w c:\documents and settings\Administrator\Application Data\F-Secure
2008-11-06 20:32 --------- d-----w c:\program files\Netcom3 Cleaner
2008-11-06 18:11 --------- d-----w c:\documents and settings\All Users\Application Data\Backup
2008-11-05 11:06 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-03 16:55 --------- d-----w c:\program files\G DATA
2008-11-03 16:55 --------- d-----w c:\program files\Common Files\G DATA
2008-11-03 16:54 --------- d-----w c:\documents and settings\All Users\Application Data\G DATA
2008-11-03 16:24 68,296 ----a-w c:\windows\system32\drivers\GRD.sys
2008-11-03 04:36 --------- d-----w c:\program files\Win32api
2008-11-03 04:01 50,888 ----a-w c:\windows\system32\drivers\MiniIcpt.sys
2008-11-03 04:00 50,888 ----a-w c:\windows\system32\drivers\GDTdiIcpt.sys
2008-11-03 04:00 22,272 ----a-w c:\windows\system32\drivers\GDNdisIc.sys
2008-11-01 18:59 --------- d-----w c:\program files\Foxit Software
2008-11-01 18:57 --------- d-----w c:\documents and settings\Administrator\Application Data\Nitro PDF
2008-11-01 18:56 --------- d-----w c:\documents and settings\All Users\Application Data\Nitro PDF
2008-11-01 15:03 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-01 14:44 --------- d-----w c:\program files\Armor2net
2008-10-31 20:24 --------- d-----w c:\program files\Soft4Ever
2008-10-30 20:47 --------- d-----w c:\documents and settings\Administrator\Application Data\Media Player Classic
2008-10-27 16:49 --------- d-----w c:\program files\Windows Live
2008-10-27 16:48 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-10-27 16:36 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-26 12:33 --------- d-----w c:\documents and settings\Administrator\Application Data\OpenOffice.org
2008-10-26 11:40 --------- d-----w c:\program files\OpenOffice.org 3
2008-10-26 11:40 --------- d-----w c:\program files\JRE
2008-10-26 11:39 --------- d-----w c:\program files\Java
2008-10-26 11:38 --------- d-----w c:\program files\Common Files\Java
2008-10-24 13:58 --------- d-----w c:\program files\MSXML 4.0
2008-10-24 12:47 --------- d-----w c:\program files\UniTicker
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 10:33 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-10-24 07:31 410,976 ----a-w c:\windows\system32\deploytk.dll
2008-10-24 05:30 --------- d-----w c:\program files\TD AMERITRADE
2008-10-24 05:23 --------- d-----w c:\program files\Dialer
2008-10-24 05:23 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-24 05:22 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-23 20:06 --------- d-----w c:\program files\Realtek Sound Manager
2008-10-23 20:06 --------- d-----w c:\program files\Realtek AC97
2008-10-23 20:06 --------- d-----w c:\program files\AvRack
2008-10-23 20:02 --------- d-----w c:\program files\VIA
2008-10-23 20:00 --------- d-----w c:\documents and settings\Administrator\Application Data\InterTrust
2008-10-23 19:29 --------- d-----w c:\program files\microsoft frontpage
2008-10-16 11:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 11:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 11:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 11:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 11:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 11:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 11:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\SET524.tmp
2008-09-30 13:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [2008-11-09 282624]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-03 158208]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 2008-04-25 18:21 201992 c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 22:56 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-10-04 17:14 8491008 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-10-04 17:14 81920 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-09 08:16 282624 c:\program files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-10-24 10:31 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-10-04 17:14 1626112 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 2006-03-02 02:22 577536 c:\windows\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)
"usnjsvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"Netcom3"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"SharedAccess"=2 (0x2)
"idsvc"=3 (0x3)
"TPSrv"=2 (0x2)
"PskSvcRetail"=2 (0x2)
"PSIMSVC"=2 (0x2)
"PSHost"=2 (0x2)
"PAVSRV"=2 (0x2)
"PavPrSrv"=2 (0x2)
"PAVFNSVR"=2 (0x2)
"Panda Software Controller"=2 (0x2)
"AVP"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [2008-10-23 11264]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
S3 TEST22;TEST22;\??\c:\program files\Win32api\winio.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
\Shell\Open\command - "resycled\boo
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com d:
\Shell\Open\command - d:\resycled\boot.com d:
.
s of the 'Scheduled Tasks' folder
2008-12-07 c:\windows\Tasks\Basic clean-up.job
- c:\program files\Panda Security\Panda Global Protection 2009\PlaTasks.exe []
.
- - - - ORPHANS REMOVED - - - -
HKLM-Explorer_Run-Win32api - c:\program files\Win32api\win32api.exe
Notify-dimsntfy - (no file)
MSConfigStartUp-COMODO Internet Security - c:\program files\COMODO\COMODO Internet Security\cfp.exe
MSConfigStartUp-COMODO SafeSurf - c:\program files\COMODO\SafeSurf\cssurf.exe
MSConfigStartUp-SpyClean - c:\program files\Netcom3 Cleaner\netcom3.exe

**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-12-09 18:37:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msqpdxserv.sys]
"imagepath"="\systemroot\system32\drivers\msqpdxmhxtofxh.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(956)
c:\windows\system32\klogon.dll
.
Completion time: 2008-12-09 18:38:25
ComboFix-quarantined-files.txt 2008-12-09 15:38:22
Pre-Run: 69,346,557,952 bytes free
Post-Run: 69,337,083,904 bytes free
270 --- E O F --- 2008-11-26 22:58:01

 

[Ratio]

للرفع وللتعليق على التقرير ...

 

[Corporation]

كيف وضع الجهاز

علماً بأن الأدآة حذفت أصآبآت كانت في جهازك

طبق الأتي

حمل هذا البرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم

:b:​

 

[Ratio]

السلام عليكم

لا زال اخى الفاضل الوضع كما هو لم يتغير شي ابدا , لا اعرف اين المشكله ؟

 

[Ratio]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:23 PM, on 12/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O17 - HKLM\System\CCS\Services\Tcpip\..\{2AD20166-818B-4631-AB66-DBE9BFE4D3D1}: NameServer = 85.255.116.149;85.255.112.14
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.149;85.255.112.14
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.149;85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.149;85.255.112.14
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
--
End of file - 5777 bytes

 

[Ratio]

تم فورمات الجهاز , جزاكم الله خير على المساعده