عبيد بن سعد

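In the name of God, the Most Gracious, the Most Merciful

Guys, yesterday I posted a topic titled "A problem with the flash drive".

Today the same flash drive works on another computer, but it does not work on my machine.

I went to a repair shop and he said it needs a format, and honestly I don't have the time to format every so often.

Is there a method or a solution? Note that two days ago it was working with nothing wrong. I tried System Restore and it would not run.

Sorry for bothering you.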
 

OK, do the following:

Create a HijackThis report.

When the download finishes ==> run the program ==> click Do a system scan and save log
After a few moments a report appears. Select all ==> copy it and paste it in your next reply.

Signature: KoNaMi
Logfile of HijackThis v1.99.1
Scan saved at 06:13:43 م, on 27/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\HSDPA USB Modem\WellPhone XT\wellphone2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\ksa\سطح المكتب\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\avira\antivir desktop\avsda.dll
O10 - Unknown file in Winsock LSP: c:\program files\avira\antivir desktop\avsda.dll
O10 - Unknown file in Winsock LSP: c:\program files\avira\antivir desktop\avsda.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{5086E646-6966-4816-8057-C62AB12B4E16}: NameServer = 84.23.101.84 84.23.101.85
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe
 
Thank you for the quick response, and may God record it among your good deeds.
 
With my dear brother's permission,

Delete the following; the report is incomplete:

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

Then download this tool and follow the explanation below.

Compatibility: Windows XP only

How to use:

When you run the tool's file this screen appears; wait (and follow along with the pictures).

When this screen appears, click Close so that your computer restarts ((to complete the cleaning process)).

After that, a new HijackThis report.

Waiting,,

Signature: أعتز بك
Logfile of HijackThis v1.99.1
Scan saved at 06:25:15 م, on 27/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\ksa\سطح المكتب\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\ksa\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\ksa\Application Data\CyberScrub\Privacy Suite"
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\avira\antivir desktop\avsda.dll
O10 - Unknown file in Winsock LSP: c:\program files\avira\antivir desktop\avsda.dll
O10 - Unknown file in Winsock LSP: c:\program files\avira\antivir desktop\avsda.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe
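
As an added example (not part of the thread and not code from HijackThis), a small Python triage script for logs in the format of the two scans posted above: it lists entries marked `(file missing)`, like the O20 line singled out in the earlier reply, and diffs the two scans. The sample text is a shortened excerpt of those two logs; the function names and the `SECTIONS` labels are illustrative.

```python
import re
from typing import NamedTuple

# Shortened excerpts of the two HijackThis 1.99.1 scans posted in this thread.
SCAN_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5086E646-6966-4816-8057-C62AB12B4E16}: NameServer = 84.23.101.84 84.23.101.85
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
"""

SCAN_AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\ksa\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\ksa\Application Data\CyberScrub\Privacy Suite"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
"""

# Short labels for the section codes that appear in the thread's logs.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "autostart entry",
    "O9": "IE extra button / Tools menu item", "O17": "DNS settings",
    "O20": "AppInit_DLLs / Winlogon Notify", "O23": "Windows service",
}

# An entry line is "<code> - <detail>"; header and process lines do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


class Entry(NamedTuple):
    code: str
    detail: str


def parse_log(text):
    """Return the registry/autostart entries of a HijackThis log, in order."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2).strip()))
    return entries


def missing_files(entries):
    """Entries whose target file HijackThis could not find on disk."""
    return [e for e in entries if e.detail.endswith("(file missing)")]


def diff_scans(before, after):
    """Entries that appeared and entries that disappeared between two scans."""
    before_set, after_set = set(before), set(after)
    added = [e for e in after if e not in before_set]
    removed = [e for e in before if e not in after_set]
    return added, removed


def triage(before_text, after_text):
    before, after = parse_log(before_text), parse_log(after_text)
    added, removed = diff_scans(before, after)
    flagged = missing_files(before)
    return {
        "missing": flagged,
        # Flagged entries that the second scan still reports.
        "still_present": [e for e in flagged if e in after],
        "added": added,
        "removed": removed,
    }


if __name__ == "__main__":
    for key, entries in triage(SCAN_BEFORE, SCAN_AFTER).items():
        print(key)
        for e in entries:
            print(f"  {e.code:<3} [{SECTIONS.get(e.code, 'other')}] {e.detail}")
```

An entry that appears or disappears between scans is only a change to investigate, not a verdict on whether it is malicious or fixed.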
 
Now do the following:

Disable all protection programs >>> check the computer's date and time >>> do not rename the tool, and save it to the desktop

Download this tool.

When you run it a message will appear; click >> Yes
Then a second message will appear; click >> Yes

During the scan the computer may restart.
After the restart, the tool will start scanning again.
Wait until a report appears; that means the scan has finished. Paste the report in your next post.

Signature: KoNaMi
ComboFix 09-04-25.A3 - ksa 04/27/2009 18:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.1014.625 [GMT 3:00]
Running from: c:\documents and settings\ksa\My Documents\Downloads\Programs\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
FW: Outpost Firewall Pro *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\kakle.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-4-27 )))))))))))))))))))))))))))))))
.
2009-04-27 14:41 . 2009-04-27 14:41 -------- d-----w c:\program files\Microsoft.NET
2009-04-26 20:38 . 2009-04-27 14:42 -------- d-----w c:\program files\Avira
2009-04-26 20:36 . 2009-02-26 07:27 704384 ----a-w c:\windows\system32\drivers\SandBox.sys
2009-04-26 20:36 . 2009-02-10 13:15 257432 ----a-w c:\windows\system32\drivers\afwcore.sys
2009-04-26 20:35 . 2009-01-16 08:14 49 ----a-w c:\windows\transp.gif
2009-04-26 20:35 . 2008-06-20 06:45 30864 ----a-w c:\windows\system32\drivers\afw.sys
2009-04-26 20:35 . 2009-04-27 14:48 -------- d-----w c:\windows\system32\Filt
2009-04-26 20:35 . 2009-04-27 14:42 -------- d-----w c:\program files\Agnitum
2009-04-26 20:31 . 2009-04-27 14:42 -------- d-----w c:\documents and settings\All Users\Application Data\Agnitum
2009-04-26 15:21 . 2009-04-27 14:41 -------- d-----w C:\DriveKey
2009-04-26 11:42 . 2008-04-14 15:59 151040 -c--a-w c:\windows\system32\dllcache\irftp.exe
2009-04-26 11:42 . 2008-04-14 15:59 151040 ----a-w c:\windows\system32\irftp.exe
2009-04-26 11:42 . 2008-04-14 15:59 8192 -c--a-w c:\windows\system32\dllcache\wshirda.dll
2009-04-26 11:42 . 2008-04-14 15:59 8192 ----a-w c:\windows\system32\wshirda.dll
2009-04-26 11:42 . 2008-04-14 15:59 27648 -c--a-w c:\windows\system32\dllcache\irmon.dll
2009-04-26 11:42 . 2008-04-14 15:59 27648 ----a-w c:\windows\system32\irmon.dll
2009-04-25 19:41 . 2009-04-25 19:43 -------- d-----w c:\windows\SHELLNEW
2009-04-25 19:11 . 2009-04-25 19:11 -------- d-----w c:\documents and settings\ksa\Local Settings\Application Data\ESET
2009-04-25 18:57 . 2009-04-25 18:57 -------- d-----w c:\documents and settings\ksa\Application Data\ESET
2009-04-25 18:55 . 2009-04-25 18:55 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-04-25 15:44 . 2009-04-27 13:30 -------- d-----w c:\documents and settings\ksa\Tracing
2009-04-25 15:42 . 2009-04-25 15:42 -------- d-----w c:\program files\Microsoft Sync Framework
2009-04-25 15:41 . 2006-11-29 10:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-04-25 15:41 . 2009-04-25 15:41 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-04-25 15:38 . 2009-04-25 15:38 -------- d-----w c:\program files\Microsoft
2009-04-25 15:38 . 2009-04-25 15:38 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-25 15:30 . 2008-10-16 11:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-25 15:30 . 2008-10-16 11:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-04-24 19:58 . 2009-04-24 19:58 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-24 18:58 . 2009-04-24 18:58 -------- d-----w c:\documents and settings\ksa\Application Data\Media Player Classic
2009-04-24 18:58 . 2009-04-27 10:48 69 ----a-w c:\windows\NeroDigital.ini
2009-04-24 17:33 . 2009-04-24 17:33 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-04-24 15:28 . 2009-04-24 15:28 -------- d-----w c:\windows\system32\LogFiles
2009-04-24 15:21 . 2009-04-24 15:21 -------- d-----w c:\windows\l2schemas
2009-04-24 15:21 . 2009-04-24 15:21 -------- d-----w c:\windows\system32\ar
2009-04-24 15:21 . 2009-04-24 15:21 -------- d-----w c:\windows\system32\bits
2009-04-24 15:18 . 2009-04-24 15:22 -------- d-----w c:\windows\ServicePackFiles
2009-04-24 14:22 . 2004-08-03 19:41 1041536 ------w c:\windows\system32\drivers\hsfdpsp2.sys
2009-04-24 14:22 . 2004-08-03 19:41 685056 ------w c:\windows\system32\drivers\hsfcxts2.sys
2009-04-24 14:22 . 2004-08-03 19:41 220032 ------w c:\windows\system32\drivers\hsfbs2s2.sys
2009-04-24 14:22 . 2001-09-19 12:00 5971 -c----w c:\windows\system32\dllcache\events.js
2009-04-24 14:22 . 2004-07-17 19:55 129045 ------w c:\windows\system32\drivers\cxthsfs2.cty
2009-04-24 14:22 . 2004-07-17 08:35 184155 -c----w c:\windows\system32\dllcache\compact.wmz
2009-04-24 14:22 . 2001-09-19 12:00 773 -c----w c:\windows\system32\dllcache\cnth.gif
2009-04-24 14:22 . 2001-09-19 12:00 773 -c----w c:\windows\system32\dllcache\cnt.gif
2009-04-24 14:22 . 2001-09-19 12:00 772 -c----w c:\windows\system32\dllcache\cntd.gif
2009-04-24 14:22 . 2001-09-19 12:00 999 -c----w c:\windows\system32\dllcache\bktrh.gif
2009-04-24 14:22 . 2001-09-19 12:00 760 -c----w c:\windows\system32\dllcache\cloapph.gif
2009-04-24 14:22 . 2001-09-19 12:00 717 -c----w c:\windows\system32\dllcache\cloapp.gif
2009-04-24 13:12 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-24 13:12 . 2009-03-06 14:20 283136 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-24 13:12 . 2009-02-09 11:22 2190592 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-24 13:12 . 2009-02-09 11:21 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-24 13:12 . 2009-02-09 10:51 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-24 13:12 . 2009-02-09 10:51 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-24 13:12 . 2009-02-09 10:51 723456 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-24 13:12 . 2009-02-09 10:51 681472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-24 13:12 . 2009-02-09 10:51 693760 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-24 13:12 . 2009-02-09 10:51 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-24 13:12 . 2009-02-09 11:22 2146816 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-24 13:12 . 2009-02-09 11:22 2025472 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-24 12:57 . 2008-06-14 17:31 271616 -c----w c:\windows\system32\dllcache\bthport.sys
2009-04-24 12:36 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys
2009-04-24 12:30 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys
2009-04-24 12:29 . 2008-05-01 14:34 331776 -c----w c:\windows\system32\dllcache\msadce.dll
2009-04-24 12:27 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-04-24 12:25 . 2008-10-15 16:35 337408 -c----w c:\windows\system32\dllcache\netapi32.dll
2009-04-24 12:23 . 2009-03-27 06:48 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-24 12:23 . 2008-04-21 21:14 215040 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-24 10:00 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-24 09:57 . 2008-09-04 17:15 1106944 -c----w c:\windows\system32\dllcache\msxml3.dll
2009-04-24 09:46 . 2008-10-16 11:09 43544 ----a-w c:\windows\system32\wups2.dll
2009-04-24 09:46 . 2008-10-16 11:08 31768 ----a-w c:\windows\system32\wucltui.dll.mui
2009-04-24 09:46 . 2008-10-16 11:07 23576 ----a-w c:\windows\system32\wuaucpl.cpl.mui
2009-04-24 09:46 . 2008-10-16 11:07 17432 ----a-w c:\windows\system32\wuaueng.dll.mui
2009-04-24 09:46 . 2008-10-16 11:08 23576 ----a-w c:\windows\system32\wuapi.dll.mui
2009-04-23 22:48 . 2009-04-24 21:28 -------- d-----w c:\program files\AutorunRemover
2009-04-23 21:06 . 2009-04-23 21:06 -------- d-----w c:\documents and settings\ksa\Application Data\Malwarebytes
2009-04-23 21:06 . 2009-04-23 21:06 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-23 17:27 . 2009-04-23 20:21 3140 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-23 17:27 . 2009-04-23 20:21 176160 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-23 17:08 . 2009-04-23 17:08 -------- d-----w c:\windows\Downloaded Installations
2009-04-23 17:05 . 2009-04-23 17:05 -------- d-----w c:\documents and settings\ksa\Application Data\CyberScrub
2009-04-23 17:04 . 2009-04-27 15:19 -------- d-----w c:\documents and settings\ksa\Application Data\cleaner
2009-04-23 15:40 . 2009-04-23 15:40 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-23 15:24 . 2009-04-23 15:24 -------- d-----w c:\documents and settings\ksa\Local Settings\Application Data\Ahead
2009-04-23 15:22 . 2009-04-23 15:55 -------- d-----w c:\documents and settings\ksa\Local Settings\Application Data\Adobe
2009-04-23 15:21 . 2009-04-23 15:22 -------- d-----w c:\program files\Common Files\Adobe
2009-04-23 14:08 . 2009-04-23 14:08 268 ---ha-w C:\sqmdata03.sqm
2009-04-23 14:08 . 2009-04-23 14:08 244 ---ha-w C:\sqmnoopt03.sqm
2009-04-23 13:50 . 2009-04-23 13:50 268 ---ha-w C:\sqmdata02.sqm
2009-04-23 13:50 . 2009-04-23 13:50 244 ---ha-w C:\sqmnoopt02.sqm
2009-04-23 13:47 . 2009-04-23 13:47 -------- d-----w c:\documents and settings\ksa\Application Data\COWON
2009-04-23 13:21 . 2009-04-27 10:59 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-23 13:21 . 2009-04-27 14:42 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-23 13:20 . 2009-04-27 15:44 -------- d-----w c:\documents and settings\ksa\Application Data\HPAppData
2009-04-23 13:15 . 2009-04-23 13:15 -------- d-----w c:\documents and settings\ksa\Application Data\HP
2009-04-23 13:15 . 2009-04-23 13:15 -------- d-----w c:\documents and settings\All Users\Application Data\WEBREG
2009-04-23 13:05 . 2009-04-23 13:05 -------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-04-23 13:05 . 2007-11-08 14:59 271704 ----a-r c:\windows\system32\hpzids01.dll
2009-04-23 13:05 . 2007-10-20 15:25 117760 ----a-w c:\windows\system32\hpzll5mu.dll
2009-04-23 12:22 . 2003-11-01 22:45 389120 ----a-w c:\windows\system32\actskn43.ocx
2009-04-23 12:10 . 2009-04-23 13:05 -------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-04-23 12:10 . 2009-04-23 12:10 -------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-04-23 12:10 . 2009-04-23 12:10 -------- d-----w c:\program files\Common Files\HP
2009-04-23 12:08 . 2009-04-23 14:08 -------- d-----w c:\documents and settings\ksa\Contacts
2009-04-23 12:08 . 2009-04-23 12:10 -------- d-----w c:\program files\HP
2009-04-23 12:07 . 2009-04-23 13:15 173336 ----a-w c:\windows\hphins26.dat
2009-04-23 12:07 . 2008-01-18 16:49 787 ------w c:\windows\hphmdl26.dat
2009-04-23 12:05 . 2008-04-13 18:47 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 15:45 . 2009-04-23 10:37 -------- d-----w c:\documents and settings\ksa\Application Data\DMCache
2009-04-27 15:27 . 2001-09-19 12:00 58784 ----a-w c:\windows\system32\perfc001.dat
2009-04-27 15:27 . 2001-09-19 12:00 328494 ----a-w c:\windows\system32\perfh001.dat
2009-04-27 14:41 . 2009-04-23 10:41 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-26 21:21 . 2009-04-23 10:00 94752 ----a-w c:\documents and settings\ksa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-25 19:11 . 2009-04-23 10:39 -------- d-----w c:\program files\Real_SC
2009-04-25 15:42 . 2009-04-23 10:33 -------- d-----w c:\program files\Windows Live
2009-04-24 15:15 . 2004-08-03 19:59 250048 --sha-r C:\ntldr
2009-04-23 21:38 . 2009-04-23 10:40 -------- d-----w c:\program files\Flash Player Plus
2009-04-23 20:49 . 2009-04-23 10:37 -------- d-----w c:\program files\Internet Download Manager
2009-04-23 20:34 . 2009-04-23 10:37 -------- d-----w c:\documents and settings\ksa\Application Data\IDM
2009-04-23 11:51 . 2009-04-23 11:51 268 ---ha-w C:\sqmdata01.sqm
2009-04-23 11:51 . 2009-04-23 11:51 244 ---ha-w C:\sqmnoopt01.sqm
2009-04-23 11:32 . 2009-04-23 11:32 268 ---ha-w C:\sqmdata00.sqm
2009-04-23 11:32 . 2009-04-23 11:32 244 ---ha-w C:\sqmnoopt00.sqm
2009-04-23 11:28 . 2009-04-23 08:52 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-23 11:27 . 2009-04-23 10:20 -------- d-----w c:\program files\CONEXANT
2009-04-23 11:10 . 2009-04-23 11:10 564 ----a-w c:\documents and settings\ksa\Local Settings\Application Data\FSCache.dat
2009-04-23 11:10 . 2009-04-23 11:10 -------- d-----w c:\program files\Common Files\SmartCom
2009-04-23 11:10 . 2009-04-23 11:10 -------- d-----w c:\program files\HSDPA USB Modem
2009-04-23 10:47 . 2009-04-23 10:47 -------- d-----w c:\documents and settings\ksa\Application Data\vlc
2009-04-23 10:44 . 2009-04-23 10:44 -------- d-----w c:\program files\VideoLAN
2009-04-23 10:44 . 2009-04-23 10:43 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-23 10:43 . 2009-04-23 10:43 -------- d-----w c:\program files\mpegable
2009-04-23 10:43 . 2009-04-23 10:43 47104 ------w c:\windows\AKDeInstall.exe
2009-04-23 10:43 . 2009-04-23 10:43 -------- d-----w c:\program files\CyberLink
2009-04-23 10:43 . 2009-04-23 10:40 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-23 10:42 . 2009-04-23 10:42 -------- d-----w c:\program files\Common Files\xing shared
2009-04-23 10:42 . 2009-04-23 10:42 -------- d-----w c:\program files\Common Files\Real
2009-04-23 10:42 . 2009-04-23 10:42 -------- d-----w c:\program files\Real
2009-04-23 10:41 . 2009-04-23 10:41 -------- d-----w c:\program files\Common Files\COWON
2009-04-23 10:41 . 2009-04-23 10:41 -------- d-----w c:\program files\JetAudio
2009-04-23 10:40 . 2009-04-23 10:40 720896 ----a-w c:\windows\iun6002.exe
2009-04-23 10:40 . 2009-04-23 10:40 -------- d-----w c:\documents and settings\All Users\Application Data\GRETECH
2009-04-23 10:40 . 2009-04-23 10:40 -------- d-----w c:\documents and settings\ksa\Application Data\GRETECH
2009-04-23 10:40 . 2009-04-23 10:40 -------- d-----w c:\program files\GRETECH
2009-04-23 10:39 . 2009-04-23 10:39 90112 ----a-w c:\windows\system32\agsaami.dll
2009-04-23 10:39 . 2009-04-23 10:39 2535424 ----a-w c:\windows\system32\agsaamj.dll
2009-04-23 10:39 . 2009-04-23 10:39 1986560 ----a-w c:\windows\system32\akll.dll
2009-04-23 10:39 . 2009-04-23 10:39 196608 ----a-w c:\windows\system32\maag.dll
2009-04-23 10:39 . 2009-04-23 10:39 1245184 ----a-w c:\windows\system32\bkll.dll
2009-04-23 10:39 . 2009-04-23 10:39 1212416 ----a-w c:\windows\system32\ckll.dll
2009-04-23 10:39 . 2009-04-23 10:39 610304 ----a-w c:\windows\system32\agsaamg.dll
2009-04-23 10:39 . 2009-04-23 10:39 372736 ----a-w c:\windows\system32\agsaamc.dll
2009-04-23 10:36 . 2009-04-23 10:36 2678 ----a-w c:\windows\java\Packages\Data\5NNRRHRZ.DAT
2009-04-23 10:36 . 2009-04-23 10:36 2678 ----a-w c:\windows\java\Packages\Data\ZNP3LJRR.DAT
2009-04-23 10:36 . 2009-04-23 10:36 2678 ----a-w c:\windows\java\Packages\Data\QL3LVDJF.DAT
2009-04-23 10:36 . 2009-04-23 10:36 2678 ----a-w c:\windows\java\Packages\Data\NTBZLB7J.DAT
2009-04-23 10:36 . 2009-04-23 10:36 2678 ----a-w c:\windows\java\Packages\Data\68KHB97X.DAT
2009-04-23 10:12 . 2009-04-23 10:12 2232 ----a-w c:\windows\java\Packages\Data\RL3RDV1N.DAT
2009-04-23 10:12 . 2009-04-23 10:12 155995 ----a-w c:\windows\java\Packages\GQOYCSMI.ZIP
2009-04-23 10:11 . 2009-04-23 10:11 -------- d-----w c:\program files\Ahead
2009-04-23 10:11 . 2009-04-23 10:11 -------- d-----w c:\program files\Common Files\Ahead
2009-04-23 08:53 . 2009-04-23 08:53 -------- d-----w c:\program files\microsoft frontpage
2009-04-23 08:49 . 2009-04-23 08:49 22144 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-06 14:20 . 2004-08-03 21:55 283136 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:06 . 2004-08-03 21:55 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 16:50 . 2004-08-03 21:55 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 14:04 . 2004-08-03 21:46 1846656 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:22 . 2004-08-04 00:48 2025472 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:22 . 2004-08-03 21:48 2146816 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:21 . 2004-08-03 21:56 110592 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2004-08-03 21:55 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2004-08-03 21:55 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2004-08-03 21:55 681472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2004-08-03 21:55 693760 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 16:43 . 2009-02-06 16:43 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 15:52 . 2009-02-06 15:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 10:39 . 2001-09-19 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:57 . 2004-08-03 21:55 56832 ----a-w c:\windows\system32\secur32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-04-23 2745776]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-23 185896]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-03-02 1225032]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2009-03-02 433480]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-02-10 257432]
R3 TF1D091010;TF1D091010;c:\windows\system32\DRIVERS\TF1D091010.sys [2008-02-01 99968]
S1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-02-26 704384]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2009-03-02 1267016]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2009-04-27 194817]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-27 108289]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-02-12 432897]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [2009-02-26 33888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-04-26 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-04-27 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.bh/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
DPF: Microsoft XML Parser for Java -

.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-04-27 18:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(664)
c:\program files\Avira\AntiVir Desktop\avsda.dll
- - - - - - - > 'explorer.exe'(3748)
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.ARA
c:\windows\system32\igfxpph.dll
c:\windows\system32\hccutils.DLL
c:\windows\system32\igfxres.dll
c:\windows\system32\igfxress.dll
c:\windows\system32\igfxsrvc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Agnitum\Outpost Firewall Pro\op_mon.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Windows Live\Toolbar\wltuser.exe
c:\program files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
.
**************************************************************************
.
Completion time: 2009-04-27 18:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-27 15:46
Pre-Run: 35,147,091,968 bytes free
Post-Run: 35,071,176,704 bytes free
303 --- E O F --- 2009-04-26 21:41
 
The last tool deleted:

c:\windows\system32\kakle.dll

What are the results now?
 
Signature: أعتز بك
Nothing has changed, same problem.
 
Is there a solution, brothers, or should I format the machine?
 
Experts, please reply to me.
 
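Experts, is there a solution, or should I format the machine?

Because I tried the flash drive on another machine and it works. I went to Device Manager and it says the device is working properly.

I don't know where the problem is.

Some people say to install a driver for the flash drive from the CD that comes with the machine, but I don't have a CD for the machine; it is said that new machines don't come with a CD.

So please solve the problem for me and don't let the Indians squeeze fifty riyals out of me, and may God reward you.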
 
Guys, is there a solution? Otherwise close the thread, because I don't know when the experts are around, and it looks like I've annoyed you by bumping the thread every little while.
 
Now post a new HijackThis log ...
 
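Signature: KoNaMi
Sir, may God give you health, you did all you could. Today I went to the Zyzoom Security and Protection section and found a thread by brother ZUHAIRTAHA about a tool, and I downloaded it. A minute before, I had tried the flash drive and it was no use, same problem. I ran a scan with the tool, plugged in the flash drive, and it worked perfectly. So now I say to anyone who has suffered what I suffered: download this tool and put your trust in God.

May God reward you and grant you success; you freed us from the Indians who know nothing but formatting.

Here is the link for anyone who wants to benefit:
[link hidden by the forum; login required to view]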
 