عبيد بن سعد

زيزوومي نشيط
إنضم
16 ديسمبر 2008
المشاركات
106
مستوى التفاعل
0
النقاط
120
غير متصل
بسم الله الرحمن الرحيم السلاااااااااااااام عليكم ورحمة الله وبركاته ياخوان عندي مشكله في الجهاز مدري هي فايروس والا خلل في النظام المهم خاصية البحث في ملفات الجهاز متعطله اذا ضغطت بحث يطلعلي يمين اطار ازرق من دون اي خيارات كما ان خاصية استعادة النظام يطلع لي اطار ابيض بدون اي ازرار للضغط لستعادة النظامارجو منكم المساعده وشكرا
 

ComboFix 09-04-22.A23 - xp 04/22/2009 16:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.1014.594 [GMT 3:00]
Running from: c:\documents and settings\xp\My Documents\Downloads\Programs\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\kakle.dll
c:\windows\system32\MCL16.dll
c:\windows\system32\winntue16.dll
.
((((((((((((((((((((((((( Files Created from 2009-03-22 to 2009-04-22 )))))))))))))))))))))))))))))))
.
2009-04-22 13:36 . 2009-04-22 13:36 -------- d-----w c:\documents and settings\xp\Application Data\Avira
2009-04-22 12:19 . 2008-04-14 15:59 116224 -c--a-w c:\windows\system32\dllcache\xrxwiadr.dll
2009-04-22 12:19 . 2001-09-18 11:05 23040 -c--a-w c:\windows\system32\dllcache\xrxwbtmp.dll
2009-04-22 12:19 . 2008-04-14 15:59 18944 -c--a-w c:\windows\system32\dllcache\xrxscnui.dll
2009-04-22 12:19 . 2001-09-18 11:06 27648 -c--a-w c:\windows\system32\dllcache\xrxftplt.exe
2009-04-22 12:19 . 2001-09-18 11:06 4608 -c--a-w c:\windows\system32\dllcache\xrxflnch.exe
2009-04-22 12:19 . 2001-09-18 11:06 99865 -c--a-w c:\windows\system32\dllcache\xlog.exe
2009-04-22 12:19 . 2001-08-17 09:11 16970 -c--a-w c:\windows\system32\dllcache\xem336n5.sys
2009-04-22 12:19 . 2004-08-03 19:29 19455 -c--a-w c:\windows\system32\dllcache\wvchntxx.sys
2009-04-22 12:19 . 2004-08-03 19:29 12063 -c--a-w c:\windows\system32\dllcache\wsiintxx.sys
2009-04-22 12:19 . 2008-04-14 15:59 8192 -c--a-w c:\windows\system32\dllcache\wshirda.dll
2009-04-22 12:17 . 2001-08-17 11:02 230912 -c--a-w c:\windows\system32\dllcache\tosdvd03.sys
2009-04-22 12:16 . 2001-09-18 11:03 157696 -c--a-w c:\windows\system32\dllcache\sisv256.dll
2009-04-22 12:15 . 2008-04-14 16:00 33280 -c--a-w c:\windows\system32\dllcache\psisrndr.ax
2009-04-22 12:14 . 2001-09-18 11:03 35392 -c--a-w c:\windows\system32\dllcache\n9i128.dll
2009-04-22 12:13 . 2008-04-14 15:59 48640 -c--a-w c:\windows\system32\dllcache\kdsui.dll
2009-04-22 12:12 . 2001-08-17 10:28 199711 -c--a-w c:\windows\system32\dllcache\hsf_faxx.sys
2009-04-22 12:11 . 2001-09-18 10:46 595647 -c--a-w c:\windows\system32\dllcache\es56cvmp.sys
2009-04-22 12:10 . 2001-09-18 11:03 27648 -c--a-w c:\windows\system32\dllcache\cyzports.dll
2009-04-22 12:09 . 2001-09-18 10:31 13824 -c--a-w c:\windows\system32\dllcache\bulltlp3.sys
2009-04-22 12:08 . 2004-08-03 19:31 36224 -c--a-w c:\windows\system32\dllcache\an983.sys
2009-04-21 19:38 . 2009-04-21 19:38 720896 ----a-w c:\windows\iun6002.exe
2009-04-21 13:09 . 2009-04-21 13:09 29360 ----a-w c:\windows\_SETUPD_.EXE
2009-04-21 10:54 . 2009-04-06 08:37 704384 ----a-w c:\windows\system32\drivers\SandBox.sys
2009-04-21 10:54 . 2009-02-10 13:15 257432 ----a-w c:\windows\system32\drivers\afwcore.sys
2009-04-21 10:54 . 2009-04-14 07:22 49 ----a-w c:\windows\transp.gif
2009-04-21 10:54 . 2009-02-18 14:30 31128 ----a-w c:\windows\system32\drivers\afw.sys
2009-04-21 10:53 . 2009-04-22 11:12 -------- d-----w c:\windows\system32\Filt
2009-04-21 10:53 . 2009-04-21 10:53 -------- d-----w c:\documents and settings\All Users\Application Data\Agnitum
2009-04-21 10:34 . 2009-04-21 10:34 -------- d-----w c:\documents and settings\xp\Local Settings\Application Data\Comodo
2009-04-21 10:27 . 2009-04-21 10:27 -------- d-----w c:\documents and settings\xp\Application Data\Comodo
2009-04-21 10:27 . 2009-04-21 10:27 -------- d-----w c:\documents and settings\All Users\Application Data\Comodo
2009-04-19 15:02 . 2009-04-19 15:02 -------- d-----w c:\documents and settings\xp\Local Settings\Application Data\G DATA
2009-04-19 14:54 . 2009-04-19 14:54 0 ----a-w C:\osy3.sys
2009-04-19 14:50 . 2009-04-19 14:50 -------- d-----w c:\documents and settings\All Users\Application Data\Prevx
2009-04-18 16:23 . 2008-08-25 13:17 528384 ----a-w c:\windows\RtlExUpd.dll
2009-04-17 22:26 . 2006-06-29 10:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-04-17 22:18 . 2009-04-17 22:25 -------- d-----w c:\windows\system32\XPSViewer
2009-04-17 22:17 . 2009-04-17 22:17 222 ----a-w c:\windows\system32\spupdsvc.inf
2009-04-17 22:17 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-17 22:17 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-17 22:17 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-17 22:17 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-17 22:17 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-17 22:17 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-17 22:17 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-17 14:55 . 2009-04-17 14:55 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-04-17 14:51 . 2009-04-17 14:51 -------- d-----w C:\!KillBox
2009-04-16 23:02 . 1998-06-23 22:00 108336 ----a-w c:\windows\system32\MSWINSCK.OCX
2009-04-16 21:21 . 2009-04-16 21:56 -------- d-----w c:\windows\SxsCaPendDel
2009-04-16 21:19 . 2009-04-16 21:19 121 ----a-w c:\windows\bdagent.INI
2009-04-16 17:29 . 2009-04-16 17:29 -------- d-----w c:\documents and settings\xp\Application Data\CyberLink
2009-04-15 23:26 . 2009-04-17 13:36 -------- d-----w c:\documents and settings\xp\Local Settings\Application Data\Adobe
2009-04-15 10:17 . 2009-04-15 10:17 -------- d-----w c:\windows\system32\LogFiles
2009-04-13 17:00 . 2009-02-13 08:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-13 17:00 . 2009-04-22 12:59 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-13 13:55 . 2009-04-13 13:55 -------- d-----w c:\documents and settings\xp\Local Settings\Application Data\Abadisoft
2009-04-13 13:47 . 2009-04-13 13:47 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-13 13:47 . 2009-04-13 13:47 -------- d-----w c:\documents and settings\xp\Application Data\SUPERAntiSpyware.com
2009-04-13 13:44 . 2009-04-13 13:44 -------- d-----w c:\windows\Downloaded Installations
2009-04-12 22:31 . 2009-04-12 22:31 -------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-04-11 22:18 . 2009-04-11 22:20 -------- d-----w c:\documents and settings\xp\Application Data\TeraCopy
2009-04-11 22:14 . 2009-04-11 22:14 -------- d-----w c:\documents and settings\xp\Local Settings\Application Data\HP
2009-04-11 16:17 . 2009-04-22 13:30 -------- d-----w c:\documents and settings\xp\Application Data\HPAppData
2009-04-11 13:32 . 2009-04-11 13:32 806 ----a-w c:\windows\unins000.dat
2009-04-11 13:30 . 2009-04-11 13:30 -------- d-----w c:\documents and settings\All Users\Application Data\WEBREG
2009-04-11 13:28 . 2009-04-11 13:28 -------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-04-11 13:28 . 2007-11-08 14:59 271704 ----a-r c:\windows\system32\hpzids01.dll
2009-04-11 13:28 . 2007-10-20 15:25 117760 ----a-w c:\windows\system32\hpzll5mu.dll
2009-04-11 13:27 . 2009-04-11 13:27 -------- d-----w c:\documents and settings\xp\Application Data\HP
2009-04-11 13:16 . 2009-04-11 13:18 -------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-04-11 13:16 . 2009-04-11 13:16 -------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-04-11 13:11 . 2009-04-11 13:31 173371 ----a-w c:\windows\hphins26.dat
2009-04-11 13:11 . 2008-01-18 16:49 787 ------w c:\windows\hphmdl26.dat
2009-04-11 13:08 . 2008-04-13 18:47 25856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
2009-04-11 13:08 . 2008-04-13 18:47 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-04-10 19:42 . 2009-04-10 19:42 -------- d-----w c:\documents and settings\xp\Local Settings\Application Data\Windows Live Writer
2009-04-10 19:42 . 2009-04-10 19:42 -------- d-----w c:\documents and settings\xp\Application Data\Windows Live Writer
2009-04-10 13:59 . 2009-04-10 13:59 -------- d-----w c:\documents and settings\xp\Application Data\Thinstall
2009-04-10 13:15 . 2003-08-02 20:47 16466167 ------w c:\windows\Golden Al-Wafi Translator.CAB
2009-04-10 13:15 . 2009-04-10 13:15 256 ----a-w c:\windows\ST6UNST.004
2009-04-10 13:10 . 2009-04-10 13:11 831 ----a-w c:\windows\ST6UNST.003
2009-04-10 11:30 . 2009-04-10 11:30 454 ----a-w c:\windows\ST6UNST.002
2009-04-10 11:28 . 2009-04-10 13:15 172032 ------w c:\windows\Setup1.exe
2009-04-10 11:28 . 2009-04-10 13:15 73216 ----a-w c:\windows\ST6UNST.EXE
2009-04-10 11:28 . 2009-04-10 11:29 798 ----a-w c:\windows\ST6UNST.001
2009-04-10 11:27 . 2009-04-10 11:27 -------- d-----w c:\windows\speech
2009-04-10 11:25 . 2009-04-10 11:25 256 ----a-w c:\windows\ST6UNST.000
2009-04-08 14:26 . 2009-04-22 12:29 -------- d-----w c:\documents and settings\xp\Tracing
2009-04-08 14:25 . 2006-11-29 10:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-04-08 13:15 . 2009-04-08 13:15 -------- d-----w c:\windows\SHELLNEW
2009-04-08 10:45 . 2009-04-08 10:45 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-04-07 15:05 . 2009-02-20 16:50 268288 -c----w c:\windows\system32\dllcache\iertutil.dll
2009-04-07 15:05 . 2009-02-20 10:20 13824 -c----w c:\windows\system32\dllcache\ieudinit.exe
2009-04-07 15:05 . 2009-02-20 16:50 52224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-07 15:05 . 2009-02-20 16:50 459264 -c----w c:\windows\system32\dllcache\msfeeds.dll
2009-04-07 15:05 . 2008-07-09 14:25 1019904 -c----w c:\windows\system32\dllcache\ieframe.dll.mui
2009-04-07 15:05 . 2008-07-09 14:25 2455488 -c----w c:\windows\system32\dllcache\ieapfltr.dat
2009-04-07 15:05 . 2009-02-20 16:50 383488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
2009-04-07 15:05 . 2009-02-20 16:50 63488 -c----w c:\windows\system32\dllcache\icardie.dll
2009-04-07 15:05 . 2009-02-20 16:50 6066176 -c----w c:\windows\system32\dllcache\ieframe.dll
2009-04-07 11:10 . 2008-10-16 11:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-07 11:10 . 2008-10-16 11:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-04-07 10:56 . 2008-04-14 15:58 6144 -c--a-w c:\windows\system32\dllcache\kbd106.dll
2009-04-07 10:56 . 2008-04-14 15:58 6144 ----a-w c:\windows\system32\kbd106.dll
2009-04-07 10:56 . 2001-08-17 19:36 8704 -c--a-w c:\windows\system32\dllcache\kbdjpn.dll
2009-04-07 10:56 . 2001-08-17 19:36 8704 ----a-w c:\windows\system32\kbdjpn.dll
2009-04-07 10:56 . 2001-08-17 19:36 8192 -c--a-w c:\windows\system32\dllcache\kbdkor.dll
2009-04-07 10:56 . 2001-08-17 19:36 8192 ----a-w c:\windows\system32\kbdkor.dll
2009-04-07 10:56 . 2001-08-17 11:55 6144 -c--a-w c:\windows\system32\dllcache\kbd101c.dll
2009-04-07 10:56 . 2001-08-17 11:55 6144 -c--a-w c:\windows\system32\dllcache\kbd101b.dll
2009-04-07 10:56 . 2001-08-17 11:55 6144 ----a-w c:\windows\system32\kbd101c.dll
2009-04-07 10:56 . 2001-08-17 11:55 6144 ----a-w c:\windows\system32\kbd101b.dll
2009-04-07 10:56 . 2001-08-17 11:55 5632 -c--a-w c:\windows\system32\dllcache\kbd103.dll
2009-04-07 10:56 . 2001-08-17 11:55 5632 ----a-w c:\windows\system32\kbd103.dll
2009-04-07 10:17 . 2009-02-10 16:03 2067584 -c--a-w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-07 10:17 . 2009-02-09 11:22 2190592 -c--a-w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-07 10:17 . 2009-04-20 10:43 500 ----a-w c:\windows\system32\%LocalXml%
2009-04-06 21:03 . 2009-04-06 21:03 -------- d-----w c:\windows\l2schemas
2009-04-06 21:03 . 2009-04-06 21:03 -------- d-----w c:\windows\system32\ar
2009-04-06 21:03 . 2009-04-06 21:03 -------- d-----w c:\windows\system32\bits
2009-04-06 21:00 . 2009-04-06 21:04 -------- d-----w c:\windows\ServicePackFiles
2009-04-06 20:42 . 2004-08-03 21:38 700928 -c--a-w c:\windows\system32\dllcache\ati2mtag.sys
2009-04-05 20:52 . 2009-04-05 20:52 -------- d-----w c:\documents and settings\xp\Application Data\Media Player Classic
2009-04-05 20:38 . 2009-04-05 20:38 -------- d-----w c:\documents and settings\xp\Application Data\Desktopicon
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 13:27 . 2001-09-19 12:00 69720 ----a-w c:\windows\system32\perfc001.dat
2009-04-22 13:27 . 2001-09-19 12:00 372796 ----a-w c:\windows\system32\perfh001.dat
2009-04-22 12:59 . 2009-04-22 12:59 -------- d-----w c:\program files\Avira
2009-04-21 19:38 . 2009-04-21 19:38 -------- d-----w c:\program files\Abadisoft
2009-04-21 18:13 . 2009-04-21 18:00 -------- d-----w c:\program files\Error Repair Professional
2009-04-21 13:36 . 2009-04-05 14:54 -------- d-----w c:\program files\Real_SC
2009-04-21 13:09 . 2009-04-05 14:26 55 ----a-w C:\autoexec.plu
2009-04-21 10:53 . 2009-04-21 10:53 -------- d-----w c:\program files\Agnitum
2009-04-21 10:52 . 2009-04-21 10:25 -------- d-----w c:\program files\Comodo
2009-04-18 17:30 . 2009-04-05 14:31 73792 ----a-w c:\documents and settings\xp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-18 16:23 . 2009-04-18 16:23 -------- d-----w c:\program files\Realtek
2009-04-18 16:23 . 2009-04-05 14:41 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-17 22:18 . 2009-04-17 22:18 -------- d-----w c:\program files\MSBuild
2009-04-17 22:18 . 2009-04-17 22:18 -------- d-----w c:\program files\Reference Assemblies
2009-04-17 20:44 . 2009-04-05 14:41 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-17 14:49 . 2009-04-17 14:49 -------- d-----w c:\program files\AxBx
2009-04-17 12:45 . 2009-04-17 12:44 -------- d-----w c:\program files\Common Files\Adobe
2009-04-16 23:07 . 2009-04-16 23:02 -------- d-----w c:\program files\All2Chat
2009-04-16 21:20 . 2009-04-16 20:13 -------- d-----w c:\program files\Common Files\BitDefender
2009-04-16 20:14 . 2009-04-16 20:14 -------- d-----w c:\program files\BitDefender
2009-04-16 17:34 . 2009-04-16 17:34 -------- d-----w c:\program files\IObit
2009-04-16 17:23 . 2009-04-16 16:59 -------- d-----w c:\program files\NoAdware5.0
2009-04-16 15:00 . 2009-04-16 15:00 -------- d-----w c:\program files\Alwil Software
2009-04-13 18:07 . 2009-04-10 19:00 -------- d-----w c:\program files\LtUcx
2009-04-13 16:56 . 2009-04-13 13:47 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-11 22:22 . 2009-04-11 22:16 -------- d-----w c:\program files\TeraCopy
2009-04-11 13:16 . 2009-04-11 13:14 -------- d-----w c:\program files\HP
2009-04-11 13:15 . 2009-04-11 13:15 -------- d-----w c:\program files\Common Files\HP
2009-04-08 14:26 . 2009-04-08 14:23 -------- d-----w c:\program files\Windows Live
2009-04-08 14:25 . 2009-04-08 14:25 -------- d-----w c:\program files\Microsoft Sync Framework
2009-04-08 14:25 . 2009-04-08 14:25 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-04-08 14:23 . 2009-04-08 14:23 -------- d-----w c:\program files\Microsoft
2009-04-08 14:23 . 2009-04-08 14:23 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-08 13:13 . 2009-04-08 13:13 -------- d-----w c:\program files\Microsoft.NET
2009-04-07 10:22 . 2009-04-07 10:22 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-06 20:57 . 2004-08-03 19:59 250048 --sha-w C:\ntldr
2009-04-06 18:14 . 2009-04-05 14:25 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-06 12:15 . 2009-04-05 19:42 -------- d-----w c:\program files\Google
2009-04-05 20:38 . 2009-04-05 20:38 -------- d-----w c:\program files\Unlocker
2009-04-05 19:43 . 2009-04-05 19:43 -------- d-----w c:\program files\Common Files\xing shared
2009-04-05 19:43 . 2009-04-05 14:40 -------- d-----w c:\program files\Common Files\Real
2009-04-05 19:27 . 2009-04-05 14:58 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-05 19:06 . 2009-04-05 19:06 -------- d-----w c:\program files\Internet Download Manager
2009-04-05 18:26 . 2009-04-05 18:26 -------- d-----w c:\program files\Common Files\SmartCom
2009-04-05 18:25 . 2009-04-05 18:25 -------- d-----w c:\program files\HSDPA USB Modem
2009-04-05 17:03 . 2009-04-05 17:03 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-05 16:41 . 2009-04-05 16:37 -------- d-----w c:\program files\CONEXANT
2009-04-05 14:58 . 2009-04-05 14:58 2232 ----a-w c:\windows\java\Packages\Data\973DVFRD.DAT
2009-04-05 14:58 . 2009-04-05 14:58 155995 ----a-w c:\windows\java\Packages\SW5B13R7.ZIP
2009-04-05 14:58 . 2009-04-05 14:58 2678 ----a-w c:\windows\java\Packages\Data\EDF5B1VL.DAT
2009-04-05 14:58 . 2009-04-05 14:58 2678 ----a-w c:\windows\java\Packages\Data\JPJLF3XB.DAT
2009-04-05 14:58 . 2009-04-05 14:58 2678 ----a-w c:\windows\java\Packages\Data\VTN717JR.DAT
2009-04-05 14:58 . 2009-04-05 14:58 2678 ----a-w c:\windows\java\Packages\Data\RDVFN9JZ.DAT
2009-04-05 14:58 . 2009-04-05 14:58 2678 ----a-w c:\windows\java\Packages\Data\AQVRZ79N.DAT
2009-04-05 14:58 . 2009-04-05 14:58 268 ---ha-w C:\sqmdata00.sqm
2009-04-05 14:58 . 2009-04-05 14:58 244 ---ha-w C:\sqmnoopt00.sqm
2009-04-05 14:54 . 2009-04-05 14:54 90112 ----a-w c:\windows\system32\agsaami.dll
2009-04-05 14:54 . 2009-04-05 14:54 610304 ----a-w c:\windows\system32\agsaamg.dll
2009-04-05 14:54 . 2009-04-05 14:54 372736 ----a-w c:\windows\system32\agsaamc.dll
2009-04-05 14:54 . 2009-04-05 14:54 2535424 ----a-w c:\windows\system32\agsaamj.dll
2009-04-05 14:54 . 2009-04-05 14:54 1986560 ----a-w c:\windows\system32\akll.dll
2009-04-05 14:54 . 2009-04-05 14:54 196608 ----a-w c:\windows\system32\maag.dll
2009-04-05 14:54 . 2009-04-05 14:54 1245184 ----a-w c:\windows\system32\bkll.dll
2009-04-05 14:54 . 2009-04-05 14:54 1212416 ----a-w c:\windows\system32\ckll.dll
2009-04-05 14:53 . 2009-04-05 14:53 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-05 14:53 . 2009-04-05 14:53 -------- d-----w c:\program files\mpegable
2009-04-05 14:49 . 2009-04-05 14:49 -------- d-----w c:\program files\GRETECH
2009-04-05 14:45 . 2009-04-05 14:41 -------- d-----w c:\program files\CyberLink
2009-04-05 14:40 . 2009-04-05 14:40 -------- d-----w c:\program files\Real
2009-04-05 14:33 . 2009-04-05 14:33 -------- d-----w c:\documents and settings\xp\Application Data\Ashampoo
2009-04-05 14:33 . 2009-04-05 14:33 -------- d-----w c:\documents and settings\All Users\Application Data\ashampoo
2009-04-05 14:33 . 2009-04-05 14:33 -------- d-----w c:\program files\Ashampoo
2009-04-05 14:26 . 2009-04-05 14:26 -------- d-----w c:\program files\microsoft frontpage
2009-04-05 14:23 . 2009-04-05 14:23 22144 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-06 14:20 . 2004-08-03 21:55 283136 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:06 . 2004-08-03 21:55 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-21 05:25 . 2008-12-31 14:04 691592 ----a-w c:\windows\system32\OGACheckControl.DLL
2009-02-20 16:50 . 2004-08-03 21:55 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 14:04 . 2004-08-03 21:46 1846656 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:22 . 2004-08-04 00:48 2025472 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:22 . 2004-08-03 21:48 2146816 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:21 . 2004-08-03 21:56 110592 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2004-08-03 21:55 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2004-08-03 21:55 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2004-08-03 21:55 681472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2004-08-03 21:55 693760 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 16:43 . 2009-02-06 16:43 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 15:52 . 2009-02-06 15:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 10:39 . 2001-09-19 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:57 . 2004-08-03 21:55 56832 ----a-w c:\windows\system32\secur32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-10-28 2606512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-05 198160]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-03-01 15872]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-15 1229640]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2009-04-14 433480]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
R3 PPDrv;Protector Plus Driver (UnRegistered); [x]
R3 PPEMSCAN;Protector Plus Email Scan Driver; [x]
R3 TF1D091010;TF1D091010;c:\windows\system32\DRIVERS\TF1D091010.sys [2008-02-01 99968]
S1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-04-06 704384]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2009-04-14 1267528]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2009-02-24 186625]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-02-12 432897]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 afw;Agnitum firewall driver;c:\windows\system32\DRIVERS\afw.sys [2009-02-18 31128]
S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-02-10 257432]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [2009-04-06 33888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-04-21 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-04-22 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-ErrorRepairPro - c:\program files\Error Repair Professional\autostart.exe

.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.google.com.sa/
mStart Page = about:blank
uInternet Settings,ProxyOverride = local
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
DPF: Microsoft XML Parser for Java -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://67.198.203.106/ReadUid.CAB
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-04-22 16:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1020)
c:\program files\Avira\AntiVir Desktop\avsda.dll
- - - - - - - > 'explorer.exe'(2952)
c:\program files\Internet Download Manager\idmmkb.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\igfxsrvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2009-04-22 16:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-22 13:47
Pre-Run: 35,170,299,904 bytes free
Post-Run: 35,270,864,896 bytes free
336 --- E O F --- 2009-04-13 12:06
 

هذا التقرير وطبقت كل شي

وابشرك طلع كل شي تمام الله يعطيكم العافيه ويرحم والدينكم ويجزيكم كل خير


اذا فيه طلب تنفيذ اي شي بعد هالتقرير انا حاضر والا خلاص انحلت المشكله

واتمنى ان تخبرني هو فايروس والا خطا والا وش بالضبط
 
وين الاخوان يعطون الراي
 
نعم البرنامج حذف كم فايروس بس طبق التالي


اداة ATF cleaner





يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



و




يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي





التوافق : ويندوز اكسبيفقط




شرح الاستخدام ,,,,,,
دبل كلك على الاداة واصبر حتى تنتهي جميع النوافذ وتقف عند هذه النافذة




002.png





وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))




او عن طريق كتابة الاوامر التالية في

ابداء>>>>>> تشغيل او run

اكتب كل مرة امر من الاوامر اللي بالانجليزي

prefetch

temp

%temp%

سوف تظهر لك مجلدات او ملفات قوم بحذفها كلها

وبعدين هات تقرير جديد​
 
اداة ATF cleaner هالاداه ماذا اعمل فيها
 
Logfile of HijackThis v1.99.1
Scan saved at 08:03:12 م, on 22/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
D:\مجلد جديد\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\xp\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\xp\Application Data\CyberScrub\Privacy Suite"
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\avira\antivir desktop\avsda.dll
O10 - Unknown file in Winsock LSP: c:\program files\avira\antivir desktop\avsda.dll
O10 - Unknown file in Winsock LSP: c:\program files\avira\antivir desktop\avsda.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe
 
احذف هالقيمة

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)


طريقة الحذف

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي







وبذلك تكون تمت عملية الحذف


واستخدم الاداة الثانية في الرد السابق عشان تنظف الجهاز

وبعدين تقرير جديد


 
التعديل الأخير بواسطة المشرف:
Logfile of HijackThis v1.99.1
Scan saved at 08:21:33 م, on 22/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\OGAVerify.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
D:\مجلد جديد\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\xp\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\xp\Application Data\CyberScrub\Privacy Suite"
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\avira\antivir desktop\avsda.dll
O10 - Unknown file in Winsock LSP: c:\program files\avira\antivir desktop\avsda.dll
O10 - Unknown file in Winsock LSP: c:\program files\avira\antivir desktop\avsda.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe
 
جبنا التقرير يالبارون الله يعطيك العافيه انت والاخوان اتعبناكم معنا
 
اخوي حذفت القيم من الرد الاخير

ماتروح اليوم الا وانت مرتاح انشاء الله اخوي

استخدم هالاداة والشرح حقها تحت

اداة dial-a-fix


يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


شرح الاستخدام


يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وهات تقرير جديد
 
يااساتذتنا انا طبقت كل شي زي ماقلتو وكل شي كان ماشي تمام حتى طبقت الخيار الاخير بعدين قام يفتح لين المتصفح عشرين صفحه
ثانياَ الكونكت موبايلي ماعادة تتصل يجين لقد صادف البرنامج خطاء
ثالثاَ انا كنت مركب حمايه افيرا ووت بوست وحذفتها وركبت افاست وكان الوضع الان احسن المتصفح فتح ولادري لو رجعت له المشكله

ثالثا رحت لمحل صيانه وجرب الكونكت على جهاز ثاني طلعت شغاله وقال يمكن جهازك فيه فايروس او فيه برامج تتعارض
وقال لازم فورمات
الان افرمت الجهاز والا عندكم طريقه تزبط الجهاز والله يحفظكم ويرعاكم اتعبتكم معي
 
وينكم ياساتذتنا اخوكم مزنوء
 
عودة
أعلى