Thread starter: omer2009

The blue screen problem: none of the experts has been able to come up with a definitive fix for it. I ask the Zyzoom experts for help, may God reward you. Here is the HijackThis report:


Logfile of HijackThis v1.99.1
Scan saved at 12:07:55 م, on 24/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\NMSAccessU.exe
D:\ScsiAccess.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ISS\BlackICE\rapapp.exe
C:\Documents and Settings\XPPRESP3\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Joyo - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - D:\PROGRA~1\NET2SOFT\ANTI-H~1\IEPlugin.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PowerWord - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - D:\PROGRA~1\NET2SOFT\ANTI-H~1\IEPlugin.dll (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{344CA852-9625-4BF4-A05A-89CAA6863B87}: NameServer = 196.27.0.230 196.27.0.35
O17 - HKLM\System\CS1\Services\Tcpip\..\{344CA852-9625-4BF4-A05A-89CAA6863B87}: NameServer = 196.27.0.230 196.27.0.35
O17 - HKLM\System\CS2\Services\Tcpip\..\{344CA852-9625-4BF4-A05A-89CAA6863B87}: NameServer = 196.27.0.230 196.27.0.35
O17 - HKLM\System\CS3\Services\Tcpip\..\{344CA852-9625-4BF4-A05A-89CAA6863B87}: NameServer = 196.27.0.230 196.27.0.35
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: ScsiAccess - Unknown owner - D:\ScsiAccess.exe


 

Hello

Go to this path: C:\Windows\Minidump. Inside it you will find files, each with its own date. Attach the file with the most recent date.
 
Signature: FireFox
Thank you, brother, for your humility, your generosity and your quick response in serving the members of our dear forum; may you be rewarded.
I did what you asked: at the specified path I found it completely empty. I checked by going to Tools > Folder Options > View > Show hidden files...
Completely empty
Thank you
 
Signature: KoNaMi
Thank you for your efforts and your help. The solutions did not work; I downloaded the tool and it did not help. One thing I have to say: the CD-ROM drive has a problem, it does not play DVD movies.
And when the blue screen appears, these numbers are shown:

STOP:0X0000000A,(0X00000004,0X00000002,0X00000000,0X804E7EED

I went to Google and searched for these numbers, and came to a site where someone suffering from the same problem was advised to download a tool to repair the CD-ROM/DVD drive. I downloaded it as advised.
You can find it on this page (sorry, this is not meant to advertise a site)

And thank you for your efforts
 
Has the problem been solved, brother, or not?

And... thank you

 
Signature: Net LeGand
Brother, the blue screen problem is not a difficult matter, and its cause is one of two things:

Software problems (programs that do not suit the machine, whether they conflict with the machine's hardware components or the programs conflict with one another)

Hardware problems (a component may have shifted out of place, such as the graphics card, or it is not getting enough power, or the computer's owner added a component that is not compatible with the motherboard or the processor)

In other words, the causes are many and the solutions are many
 
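Thank you for keeping in touch and for your kind attention. I am trying it now and will report the result as soon as it is verified.
There is a problem with the DVD drive, which does not read DVD movies. I tried installing its driver, and before installing the driver, and I installed the Cyber and Zoom programs, to no avail. Thank you for your kind cooperation, may God grant you success.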
 
Unfortunately, the blue screen problem has not been solved
 
Download link for the latest update of the tool

To clean your machine of these advertisements
and produce a report of the operation so that you can attach it to your next reply.

Usage instructions:

Run the file SmitfraudFix.exe and follow the steps as shown in these images





Signature: Corporation
Dear brother, I also had the same problem, and it only went away with a format
 
May God reward you well and grant you every success
I downloaded the tool and followed the steps 100%, and this is the tool's report:


SmitFraudFix v2.423

Scan done at 22:20:38.64, Wed 07/29/2009
Run from C:\Documents and Settings\XPPRESP3.USER.000\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 196.27.0.230
DNS Server Search Order: 196.27.0.35

HKLM\SYSTEM\CCS\Services\Tcpip\..\{344CA852-9625-4BF4-A05A-89CAA6863B87}: NameServer=196.27.0.230 196.27.0.35
HKLM\SYSTEM\CS1\Services\Tcpip\..\{344CA852-9625-4BF4-A05A-89CAA6863B87}: NameServer=196.27.0.230 196.27.0.35
HKLM\SYSTEM\CS2\Services\Tcpip\..\{344CA852-9625-4BF4-A05A-89CAA6863B87}: NameServer=196.27.0.230 196.27.0.35


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK.2



»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

God bless you
 

Disable all protection programs,
then download this tool and save it on the desktop

When you run it, a message will appear; click Yes
Then a second message will appear; click Yes
Wait until the tool finishes scanning your machine; your machine will restart automatically,
and after the restart the tool will start scanning a second time
Wait until a report appears, then copy it and paste it in your next reply


 
Peace be upon you, and God's mercy and blessings
Greetings of love and appreciation for your good efforts in serving the members
I downloaded the tool and ran a scan; here, brother, is the report:


ComboFix 09-07-29.03 - XPPRESP3 07/30/2009 4:02.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.1015.546 [GMT 3:00]
Running from: c:\documents and settings\XPPRESP3.USER.000\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.

2009-07-30 00:56 . 2009-07-30 00:56 -------- d-----w- c:\windows\LastGood
2009-07-29 19:11 . 2009-07-29 19:11 -------- d-----w- C:\Movavi files
2009-07-29 13:17 . 2009-07-29 13:17 7680 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Photo Collage Creator 3.27\1000000b00002i\verclsid.exe
2009-07-29 12:50 . 2009-07-29 12:50 -------- d-----w- c:\documents and settings\XPPRESP3.USER.000\Application Data\MOVAVI
2009-07-29 05:29 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-07-29 05:03 . 2009-07-29 05:03 -------- d-----w- c:\windows\system32\scripting
2009-07-29 05:03 . 2009-07-29 05:03 -------- d-----w- c:\windows\l2schemas
2009-07-29 05:03 . 2009-07-29 05:03 -------- d-----w- c:\windows\system32\en
2009-07-29 04:59 . 2009-07-29 04:59 -------- d-----w- c:\windows\ServicePackFiles
2009-07-29 01:59 . 2009-07-29 01:59 7168 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\VeryDOC PowerPoint to Flash Converter v2.0\300000003400002i\dwwin.exe
2009-07-29 01:59 . 2009-07-29 01:59 7168 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\VeryDOC PowerPoint to Flash Converter v2.0\10000001a00002i\OfficeLiveSignIn.exe
2009-07-28 09:24 . 2009-07-28 09:24 53319 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe
2009-07-27 15:34 . 2009-07-28 09:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton
2009-07-27 15:34 . 2009-07-27 15:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Symantec
2009-07-27 15:34 . 2009-07-27 15:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NortonInstaller
2009-07-26 05:13 . 2009-07-26 05:13 -------- d-----w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Virtual Mechanics
2009-07-26 05:13 . 2009-07-26 05:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Virtual Mechanics
2009-07-25 11:49 . 2009-07-25 12:04 -------- d-----w- c:\documents and settings\XPPRESP3.USER.000\Application Data\CoreFTP
2009-07-24 00:56 . 2004-08-03 19:29 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2009-07-24 00:56 . 2004-08-03 19:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2009-07-24 00:56 . 2004-08-03 19:29 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2009-07-24 00:56 . 2004-08-03 19:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2009-07-24 00:56 . 2004-08-03 19:29 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
2009-07-24 00:56 . 2004-08-03 19:29 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
2009-07-24 00:56 . 2004-08-03 19:41 95424 ------w- c:\windows\system32\drivers\slnthal.sys
2009-07-24 00:56 . 2004-08-03 19:41 13240 ------w- c:\windows\system32\drivers\slwdmsup.sys
2009-07-24 00:56 . 2004-08-03 19:41 404990 ------w- c:\windows\system32\drivers\slntamr.sys
2009-07-24 00:56 . 2004-08-03 19:41 129535 ------w- c:\windows\system32\drivers\slnt7554.sys
2009-07-24 00:56 . 2004-08-03 19:29 166912 ------w- c:\windows\system32\drivers\s3gnbm.sys
2009-07-24 00:56 . 2004-08-03 19:41 13776 ------w- c:\windows\system32\drivers\recagent.sys
2009-07-24 00:55 . 2004-08-03 19:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2009-07-24 00:55 . 2004-08-03 19:29 1897408 ------w- c:\windows\system32\drivers\nv4_mini.sys
2009-07-24 00:55 . 2004-08-03 19:29 452736 ------w- c:\windows\system32\drivers\mtxparhm.sys
2009-07-24 00:55 . 2004-08-03 19:41 126686 ------w- c:\windows\system32\drivers\mtlmnt5.sys
2009-07-24 00:55 . 2004-08-03 19:41 1309184 ------w- c:\windows\system32\drivers\mtlstrm.sys
2009-07-24 00:55 . 2004-08-03 19:41 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys
2009-07-24 00:55 . 2004-08-03 19:41 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2009-07-24 00:55 . 2004-08-03 19:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2009-07-24 00:55 . 2004-08-03 19:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
2009-07-23 17:49 . 2009-02-06 10:29 2142720 ----a-w- c:\windows\system32\LOGOOS.EXE
2009-07-22 02:42 . 2009-07-22 02:42 192 ----a-w- c:\windows\system32\tbhi.dat
2009-07-22 02:42 . 2009-07-22 02:42 10 ----a-w- c:\windows\system32\drivers\tmbi.sys
2009-07-22 02:42 . 2003-10-24 13:57 104968 ------w- c:\windows\system32\drivers\RapDrv.sys
2009-07-22 02:42 . 2003-02-25 16:26 24344 ------w- c:\windows\system32\drivers\RapNet.sys
2009-07-22 02:42 . 2003-02-25 16:26 36644 ------w- c:\windows\system32\drivers\RapFile.sys
2009-07-22 02:42 . 2009-07-22 02:42 -------- d-----w- c:\program files\ISS
2009-07-22 02:42 . 2005-04-01 07:38 147608 ------w- c:\windows\system32\blackdll.dll
2009-07-22 02:42 . 2005-03-30 07:40 229331 ------w- c:\windows\system32\drivers\blackdrv.sys
2009-07-22 01:49 . 2009-07-22 01:49 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-16 02:28 . 2009-07-16 02:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2009-07-16 01:00 . 2009-07-16 01:00 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-16 01:00 . 2009-07-16 01:00 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-16 01:00 . 2009-07-16 01:00 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-16 01:00 . 2009-07-16 01:00 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-13 04:24 . 2009-07-13 07:58 64512 ---ha-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\dach100.dll
2009-07-13 04:20 . 2009-07-13 04:24 110 ---ha-w- c:\windows\winshell.dat
2009-07-13 04:20 . 2009-07-13 07:59 -------- d-----w- c:\program files\Dachshund Software
2009-07-12 23:55 . 2004-01-10 22:17 45568 ----a-w- c:\windows\system32\YM11AUTH.DLL
2009-07-12 23:54 . 1998-06-17 22:00 153600 ----a-w- c:\windows\system32\tlbinf32.dll
2009-07-12 21:24 . 2009-07-12 21:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SiteAdvisor
2009-07-12 21:22 . 2009-07-24 08:03 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY.000\Application Data\SACore
2009-07-12 21:22 . 2009-07-12 21:22 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-07-12 21:22 . 2009-07-12 21:22 -------- d-----w- c:\program files\Common Files\McAfee
2009-07-12 21:21 . 2009-07-12 21:21 -------- d-----w- c:\program files\McAfee
2009-07-11 21:20 . 2009-07-11 21:20 -------- d-----w- c:\program files\Photodex Presenter
2009-07-11 21:20 . 2009-07-11 21:19 131072 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Netscape\Plugins\npPxPlay.dll
2009-07-11 21:20 . 2009-07-11 21:19 131072 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Mozilla\Plugins\npPxPlay.dll
2009-07-11 20:55 . 2009-07-11 20:55 7680 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Photo Collage Creator 3.27\1000000600002i\svchost.exe
2009-07-11 15:27 . 2009-07-11 15:25 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-07-11 15:25 . 2009-07-14 20:18 -------- d-----w- c:\documents and settings\XPPRESP3.USER.000\.housecall6.6
2009-07-10 12:24 . 2009-07-10 12:24 -------- d-----w- c:\program files\Apple Software Update
2009-07-10 12:24 . 2009-06-05 08:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-10 12:24 . 2009-06-05 08:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-07-10 07:56 . 2009-07-10 07:56 9216 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Advanced Office Repair v1.5\1000000500002i\hh.exe
2009-07-10 00:58 . 2009-07-10 02:27 -------- d-----w- c:\documents and settings\XPPRESP3.USER.000\Application Data\PC Tools
2009-07-09 19:21 . 2009-07-09 19:21 9216 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Advanced Office Repair v1.5\40000040700002i\AAR.EXE
2009-07-08 18:47 . 2009-07-10 00:24 117760 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-08 18:45 . 2009-07-08 18:45 -------- d-----w- c:\documents and settings\XPPRESP3.USER.000\Application Data\SUPERAntiSpyware.com
2009-07-08 18:18 . 2009-07-08 18:18 32256 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Rising PC Doctor\300000003400002i\dwwin.exe
2009-07-08 18:15 . 2009-07-08 18:15 32256 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Rising PC Doctor\4000001000002i\win32pad.exe
2009-07-08 18:11 . 2009-07-08 18:11 32256 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Rising PC Doctor\4000003800002i\wltuser.exe
2009-07-08 18:11 . 2009-07-08 18:11 32256 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Rising PC Doctor\4000002700002i\ytbb.exe
2009-07-08 18:11 . 2009-07-08 18:11 32256 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Rising PC Doctor\4000001300002i\GoogleToolbarNotifier.exe
2009-07-08 18:11 . 2009-07-08 18:11 32256 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Rising PC Doctor\4000001900002i\iexplore.exe
2009-07-08 17:56 . 2009-07-08 17:56 32256 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Rising PC Doctor\400000b00002i\Ras.exe
2009-07-08 17:56 . 2009-07-08 17:56 637592 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Rising PC Doctor\%SystemSystem%\kmon.dll
2009-07-08 17:56 . 2009-06-30 18:58 629360 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Rising PC Doctor\%ProgramFilesDir%\Rising\AntiSpyware\Rsaupd.exe
2009-07-08 17:55 . 2009-07-08 17:55 32256 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Rising PC Doctor\4000009c00002i\Rsaupd.exe
2009-07-08 17:54 . 2009-07-08 17:54 32256 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Rising PC Doctor\4000007200002i\knownsvr.exe
2009-07-08 17:54 . 2009-07-08 17:54 32256 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Rising PC Doctor\4000008000002i\Splash Screen.exe
2009-07-08 16:58 . 2009-07-08 16:58 7680 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Photo Collage Creator 3.27\4000008000002i\Splash Screen.exe
2009-07-08 16:18 . 2009-07-08 16:18 9216 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Advanced Office Repair v1.5\40000027200002i\AWR.EXE
2009-07-06 19:16 . 2009-07-06 19:16 76288 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\CCleaner (remove only)\1000000ff00002i\explorer.exe
2009-07-06 19:15 . 2009-07-06 19:15 76288 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\CCleaner (remove only)\10000001600002i\msiexec.exe
2009-07-06 19:15 . 2009-07-06 19:15 76288 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\CCleaner (remove only)\4000005000002i\setup.exe
2009-07-06 14:01 . 2009-07-06 14:01 -------- d-----w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Photodex
2009-07-05 07:53 . 2009-07-05 07:53 -------- d-----w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Xilisoft Corporation
2009-07-05 01:18 . 2009-07-05 01:23 -------- d-----w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Ulead Systems
2009-07-05 00:27 . 2009-07-05 00:27 -------- d-----w- c:\program files\Common Files\InterVideo
2009-07-05 00:26 . 2009-07-05 00:26 -------- d-----w- c:\program files\Windows Media Components
2009-07-05 00:24 . 2009-07-08 15:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Ulead Systems
2009-07-05 00:24 . 2009-07-05 00:26 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-07-03 14:41 . 2009-07-03 14:41 -------- d-----w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Gena01
2009-07-03 14:41 . 2009-07-03 14:41 -------- d-----w- c:\program files\Win32Pad
2009-07-03 13:42 . 2009-07-03 13:42 -------- d-----w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Malwarebytes
2009-07-03 13:40 . 2009-07-03 13:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-07-03 11:11 . 2009-07-03 11:11 -------- d-----w- c:\documents and settings\XPPRESP3.USER.000\Application Data\DivX
2009-07-03 09:39 . 2004-08-03 20:07 68224 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Driver Checker v2.7.3\%SystemSystem%\ReinstallBackups\0006\DriverFiles\i386\pci.sys
2009-07-03 09:39 . 2004-08-03 20:07 68224 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Driver Checker v2.7.3\%SystemSystem%\ReinstallBackups\0005\DriverFiles\i386\pci.sys
2009-07-03 09:21 . 2009-07-03 09:21 7680 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Driver Checker v2.7.3\1000000600002i\runonce.exe
2009-07-03 09:21 . 2004-08-04 08:07 68224 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Driver Checker v2.7.3\%SystemSystem%\ReinstallBackups\0002\DriverFiles\i386\pci.sys
2009-07-03 09:12 . 2009-07-03 09:12 7680 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Driver Checker v2.7.3\4000008000002i\Splash Screen.exe
2009-07-03 07:29 . 2009-07-03 07:29 7680 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Spyware Cease v4.0\400000fa00002i\AutoUpdate.exe
2009-07-03 07:29 . 2009-07-03 07:29 7680 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Spyware Cease v4.0\4000008000002i\Splash Screen.exe
2009-07-03 07:09 . 2009-07-03 07:09 76288 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\CCleaner (remove only)\4000001500002i\Uninstall.exe
2009-07-03 07:09 . 2009-07-03 07:09 76288 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\CCleaner (remove only)\4000001500002i\PegtopUI.exe
2009-07-02 16:59 . 2009-07-02 16:59 -------- d-----w- c:\windows\Muslim Bag
2009-07-02 10:16 . 2009-07-02 10:16 7680 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\FotoWorks XL\300000003400002i\dwwin.exe
2009-07-01 18:19 . 2009-07-01 18:19 -------- d-----w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Yahoo!
2009-07-01 10:57 . 2009-07-01 13:41 -------- d-----w- C:\My Documents
2009-07-01 09:56 . 2009-07-01 09:57 -------- d--h--w- c:\program files\GLF31.tmp
2009-07-01 09:54 . 2009-07-01 09:57 -------- d-----w- c:\documents and settings\XPPRESP3.USER.000\Application Data\SlipStream
2009-07-01 09:52 . 2009-07-01 09:55 -------- d--h--w- c:\program files\GLF26E.tmp
2009-07-01 09:09 . 2009-07-25 16:17 -------- d-----w- c:\program files\FotoWorksXL
2009-06-30 20:46 . 2009-06-30 20:46 -------- d-----w- c:\program files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-01-02 21:43 . 2009-03-04 16:49 77176 -c--a-w- c:\windows\Fonts\SC_OUHOD.ttf
2016-12-30 16:32 . 2009-03-04 16:49 90072 -c--a-w- c:\windows\Fonts\SC_REHAN.ttf
2016-12-30 16:06 . 2009-03-04 16:49 70064 -c--a-w- c:\windows\Fonts\SC_TARABLUS.ttf
2016-12-30 16:05 . 2009-03-04 16:49 102264 -c--a-w- c:\windows\Fonts\SC_SHMOOKH01.ttf
2016-12-30 16:05 . 2009-03-04 16:49 66792 -c--a-w- c:\windows\Fonts\SC_SHARJAH.ttf
2016-12-30 16:04 . 2009-03-04 16:49 66852 -c--a-w- c:\windows\Fonts\SC_LUJAYN.ttf
2016-12-30 16:03 . 2009-03-04 16:49 64908 -c--a-w- c:\windows\Fonts\SC_KHALID.ttf
2016-12-30 16:03 . 2009-03-04 16:49 63168 -c--a-w- c:\windows\Fonts\SC_HANI.ttf
2016-12-30 16:02 . 2009-03-04 16:49 81648 -c--a-w- c:\windows\Fonts\SC_GULF.ttf
2016-12-30 16:02 . 2009-03-04 16:49 75820 -c--a-w- c:\windows\Fonts\SC_DUBAI.ttf
2016-12-30 16:01 . 2009-03-04 16:49 70368 -c--a-w- c:\windows\Fonts\SC_AMEEN.ttf
2016-12-30 16:00 . 2009-03-04 16:49 86304 -c--a-w- c:\windows\Fonts\SC_ALYERMOOK.ttf
2009-07-29 14:56 . 2009-03-14 11:49 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-07-29 13:03 . 2009-03-04 15:09 131296 -c--a-w- c:\documents and settings\XPPRESP3.USER.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-25 16:17 . 2009-02-28 12:34 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-07-22 03:42 . 2008-12-16 14:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-22 02:07 . 2008-12-16 14:02 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-15 14:27 . 2009-03-11 15:15 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-07-15 14:27 . 2009-03-11 15:15 249856 ------w- c:\windows\Setup1.exe
2009-07-14 14:40 . 2009-05-20 02:04 737280 ----a-w- c:\windows\iun6002.exe
2009-07-14 05:47 . 2009-06-20 17:27 0 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\WinPatrol\Autoexec.bat
2009-07-12 21:22 . 2009-06-06 01:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\McAfee
2009-07-11 16:49 . 2009-03-26 18:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2009-07-10 12:24 . 2009-06-24 16:27 -------- d-----w- c:\program files\Common Files\Apple
2009-07-10 00:23 . 2009-03-16 16:53 2560 -c--a-w- c:\windows\_MSRSTRT.EXE
2009-07-09 14:08 . 2009-03-27 16:14 -------- d-----w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall
2009-07-08 14:18 . 2009-06-25 13:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\iolo
2009-07-05 16:05 . 2009-06-25 15:33 518 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\iolo\Registry\Last\restore.bat
2009-07-05 01:54 . 2009-05-27 15:49 62976 ----a-w- c:\windows\PegtopUI.exe
2009-07-05 01:54 . 2009-06-16 00:41 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-07-02 18:51 . 2009-06-14 01:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Uniblue
2009-07-02 18:51 . 2009-06-03 18:12 -------- d-----w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Uniblue
2009-07-02 17:16 . 2009-06-20 17:27 -------- d-----w- c:\documents and settings\XPPRESP3.USER.000\Application Data\WinPatrol
2009-07-01 09:55 . 2009-05-23 14:46 -------- d-----w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Texture Maker
2009-06-28 10:20 . 2009-06-28 10:20 39936 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\RegCure 1.6.0.0\4000004d00002i\firefox.exe
2009-06-28 10:14 . 2009-06-28 10:14 39936 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\RegCure 1.6.0.0\300000003400002i\dwwin.exe
2009-06-28 10:14 . 2009-06-28 10:14 39936 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\RegCure 1.6.0.0\4000008000002i\Splash Screen.exe
2009-06-25 16:00 . 2009-06-25 16:00 -------- d-----w- c:\program files\MSXML 6.0
2009-06-25 15:54 . 2009-06-25 15:54 -------- d-----w- c:\program files\MSXML 4.0
2009-06-25 15:20 . 2009-06-25 15:20 1619 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\iolo\restore.bat
2009-06-25 15:20 . 2009-06-25 13:11 -------- d-----w- c:\documents and settings\XPPRESP3.USER.000\Application Data\iolo
2009-06-25 13:24 . 2009-06-25 13:24 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY.000\Application Data\iolo
2009-06-24 18:38 . 2008-12-16 08:17 -------- d-----w- c:\program files\Google
2009-06-24 16:30 . 2009-06-24 16:30 9216 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Apex Video Converter Super 6.62\40000059200003i\apexconverter.exe
2009-06-23 16:51 . 2009-06-23 16:51 -------- d-----w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Netscape
2009-06-23 15:20 . 2009-06-23 09:43 -------- d-----w- c:\documents and settings\XPPRESP3.USER.000\Application Data\exe
2009-06-23 13:51 . 2009-06-23 13:51 7680 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\PhotoNow! 1.0\10000001a00002i\OfficeLiveSignIn.exe
2009-06-23 13:51 . 2009-06-23 13:51 7680 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\PhotoNow! 1.0\300000005db00002i\POWERPNT.EXE
2009-06-23 13:50 . 2009-06-23 13:50 7680 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\PhotoNow! 1.0\4000001100003i\CLDrvChk.exe
2009-06-22 17:42 . 2008-12-16 08:18 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-22 17:40 . 2009-03-04 06:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2009-06-21 09:00 . 2009-06-21 09:00 -------- d-----w- c:\documents and settings\Administrator.USER.004\Application Data\Uniblue
2009-06-20 17:27 . 2009-06-20 17:27 -------- d-----w- c:\program files\BillP Studios
2009-06-20 12:14 . 2009-06-20 12:14 -------- d-----w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Blender Foundation
2009-06-19 12:41 . 2009-06-19 12:43 843 ----a-w- C:\ChangeWinXPKey.vbs
2009-06-18 04:31 . 2009-06-18 04:31 -------- d-----w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Outerspace Software
2009-06-16 14:36 . 2004-08-04 09:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2001-08-23 14:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 02:52 . 2008-12-16 08:22 -------- d-----w- c:\program files\Yahoo!
2009-06-14 14:37 . 2009-06-14 14:37 76288 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\CCleaner (remove only)\4000001600002i\st6unst.exe
2009-06-14 04:15 . 2009-03-06 16:24 99608 -csha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-14 04:15 . 2009-03-06 16:24 17748000 -csha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-10 15:45 . 2009-06-10 15:45 -------- d-----w- c:\program files\temp
2009-06-08 13:19 . 2008-12-16 08:16 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-06 01:38 . 2009-06-06 01:38 -------- d-----w- c:\program files\Common Files\Cisco Systems
2009-06-05 01:42 . 2009-06-05 01:38 -------- d-----w- c:\documents and settings\XPPRESP3.USER.000\Application Data\phpDesigner 2008
2009-06-04 17:25 . 2009-06-04 17:25 -------- d-----w- c:\documents and settings\XPPRESP3.USER.000\Application Data\MAGIX
2009-06-03 19:09 . 2005-11-26 23:30 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 17:16 . 2009-05-12 17:42 -------- d-----w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Web Page Maker
2009-06-02 18:42 . 2009-06-02 18:42 -------- d-----w- c:\program files\Abourasheed
2009-06-02 18:07 . 2009-06-02 18:07 7168 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\CyberScrub® Privacy Suite™ 5.1\400000dd00002i\CSPSeraser.exe
2009-06-02 16:11 . 2009-06-22 17:41 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-06-02 12:47 . 2009-06-02 12:47 76288 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\CCleaner (remove only)\400000c00002i\javaw.exe
2009-06-02 12:47 . 2009-06-02 12:47 76288 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\CCleaner (remove only)\4000002800002i\javaws.exe
2009-06-01 11:42 . 2009-06-01 11:42 -------- d-----w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Arcsoft
2009-06-01 11:12 . 2009-06-01 11:12 7680 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Ashampoo UnInstaller 3.12\40000042800002i\UnInstaller.exe
2009-06-01 11:00 . 2009-06-01 11:00 7680 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Ashampoo UnInstaller 3.12\4000008000002i\Splash Screen.exe
2009-06-01 11:00 . 2009-06-01 11:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Ashampoo
2009-05-31 01:18 . 2009-01-24 11:39 -------- d-----w- c:\program files\ESET
2009-05-30 02:46 . 2009-05-30 02:46 0 ----a-w- c:\windows\nsreg.dat
2009-05-29 21:37 . 2009-06-22 17:41 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-29 21:31 . 2009-06-22 17:41 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-05-28 11:52 . 2009-05-28 11:52 35840 ----a-w- c:\documents and settings\XPPRESP3.USER.000\Application Data\Thinstall\Microsoft Office FrontPage 2003\1000000b00002h\rundll32.exe
2009-05-25 02:49 . 2009-06-16 00:42 2568242 -c----w- c:\documents and settings\All Users.WINDOWS\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\Uniblue RegistryBooster.exe
2009-05-10 16:30 . 2009-05-10 16:30 192752 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-07 15:32 . 2004-08-04 09:56 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 14:12 . 2009-05-05 14:12 14 ----a-w- c:\windows\system32\System32.sys
2009-05-01 21:02 . 2009-06-22 17:41 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-06-22 17:41 685056 ----a-w- c:\windows\system32\divx.dll
2007-01-25 00:52 . 2007-01-25 00:52 65536 ----a-w- c:\program files\Common Files\NMSAccessU.exe
2009-07-23 18:15 . 2009-02-21 16:24 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-03-22 03:43 . 2009-03-06 16:24 99616 -csha-w- c:\windows\system32\drivers\fidbox2.dat
.

------- Sigcheck -------

[7] 2008-04-14 00:11 33792 986B1FF5814366D71E0AC5755C88F2D3 c:\windows\ServicePackFiles\i386\msgsvc.dll
[7] 2008-04-14 00:11 33792 986B1FF5814366D71E0AC5755C88F2D3 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\msgsvc.dll

[7] 2008-04-14 00:12 435200 156F64A3345BD23C600655FB4D10BC08 c:\windows\ServicePackFiles\i386\ntmssvc.dll
[7] 2008-04-14 00:12 435200 156F64A3345BD23C600655FB4D10BC08 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntmssvc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2005-07-27 61952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-24 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-07-04 333120]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-11-22 16858112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
BlackICE PC Protection.lnk - c:\program files\ISS\BlackICE\blackice.exe [2009-7-22 778240]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 2:23 PM 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 2:24 PM 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 2:23 PM 727720]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5/10/2009 9:55 PM 55152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [7/13/2009 12:21 AM 210216]
R3 RapFile;RapFile;c:\windows\system32\drivers\RapFile.sys [7/22/2009 5:42 AM 36644]
R3 RapNet;RapNet;c:\windows\system32\drivers\RapNet.sys [7/22/2009 5:42 AM 24344]
S0 black;black;c:\windows\system32\drivers\blackdrv.sys [7/22/2009 5:42 AM 229331]
S0 Lbd;Lbd; [x]
S2 BlackICE;BlackICE;c:\program files\ISS\BlackICE\blackd.exe [7/22/2009 5:42 AM 1229430]
S3 CAM1210;SM0121 USB 2.0 Video Camera;c:\windows\system32\drivers\cam1210.sys [7/24/2006 5:49 PM 89856]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 RapDrv;RapDrv;c:\windows\system32\drivers\RapDrv.sys [7/22/2009 5:42 AM 104968]
.
Contents of the 'Scheduled Tasks' folder

2009-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]

2009-07-30 c:\windows\Tasks\XoftSpySE 2.job
- d:\xsoftspy\XoftSpySE\XoftSpy.exe [2009-02-11 05:43]

2009-07-28 c:\windows\Tasks\XoftSpySE.job
- d:\xsoftspy\XoftSpySE\XoftSpy.exe [2009-02-11 05:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {{8DE0FCD4-5EB5-11D3-AD25-00002100131B} - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - d:\progra~1\NET2SOFT\ANTI-H~1\IEPlugin.dll
IE: {{C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - d:\progra~1\NET2SOFT\ANTI-H~1\IEPlugin.dll
TCP: {344CA852-9625-4BF4-A05A-89CAA6863B87} = 196.27.0.230 196.27.0.35
FF - ProfilePath - c:\documents and settings\XPPRESP3.USER.000\Application Data\Mozilla\Firefox\Profiles\8ohmfgde.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\XPPRESP3.USER.000\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
txtfile=c:\program files\Win32Pad\win32pad.exe "%L"
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-07-30 04:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
Completion time: 2009-07-30 4:08
ComboFix-quarantined-files.txt 2009-07-30 01:08
ComboFix2.txt 2009-07-10 06:05
ComboFix3.txt 2009-02-27 08:02

Pre-Run: 18,332,798,976 bytes free
Post-Run: 18,330,783,744 bytes free

358 --- E O F --- 2009-07-30 00:01

May God bless you.
 
Brother, when does this screen appear, and does it appear continuously or only once?
Or does it appear after the machine starts up, and then the machine shuts off?
Explain it to us in detail.
 
Thank you for your kind attention, dear brother.
The blue screen appears (roughly 3 to 5 times a day, intermittently) after starting up and working on the computer for long hours, then it suddenly appears. Before that it did not appear; instead the machine would restart by itself. Then I followed the advice of an expert from a well-known foreign site to go into the computer settings and disable the restart, and the blue screen started to appear. I formatted the machine about five times to no avail. I installed a program to adjust the speed of the CPU fan (the processor); the processor temperature ranged between roughly 50 and 62. My trouble with this problem first began as soon as I bought the machine from the company and connected it to the internet directly. I reported the problem to the company; they refused to service it on the grounds that the cause might be viruses and the internet connection.
Thank you for your efforts.
 
Peace be upon you, and God's mercy and blessings.

With pride in and appreciation for your kind efforts,
here, brother, is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 08:26:09, on 30/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\NMSAccessU.exe
D:\ScsiAccess.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\XPPRESP3\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Joyo - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - D:\PROGRA~1\NET2SOFT\ANTI-H~1\IEPlugin.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PowerWord - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - D:\PROGRA~1\NET2SOFT\ANTI-H~1\IEPlugin.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{344CA852-9625-4BF4-A05A-89CAA6863B87}: NameServer = 196.27.0.230 196.27.0.35
O17 - HKLM\System\CS1\Services\Tcpip\..\{344CA852-9625-4BF4-A05A-89CAA6863B87}: NameServer = 196.27.0.230 196.27.0.35
O17 - HKLM\System\CS2\Services\Tcpip\..\{344CA852-9625-4BF4-A05A-89CAA6863B87}: NameServer = 196.27.0.230 196.27.0.35
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: ScsiAccess - Unknown owner - D:\ScsiAccess.exe


 
May God be pleased with you and reward you well, brother.

As for viruses, it is clear that the machine has no infections.

From Add/Remove Programs:

OK, have you tried removing the BlackICE firewall? ((Because I have noticed that it causes slowness problems for those who install the program.))

Remove Google Toolbar.

And delete these entries in HijackThis:

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll


O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -


O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)


How to delete them on XP:









After that, for cleaning:

Download from here

Compatibility: Windows XP only

Usage instructions:

When you run the tool's file, this screen appears. Wait (and follow along with the pictures).




When this screen appears, click Close so that your machine restarts ((to complete the cleaning process)).




Then let us know how things are on your machine.


 
Peace be upon you.
May God bless your efforts and grant you every success.

I did as requested, and the result was that the blue screen appeared after three hours, and repeatedly: within the past quarter of an hour the blue screen appeared twice. What I noticed is that on the previous occasions, before I downloaded the tool and ran the scan and cleanup that you advised, the blue screen gave me the following values:

stop:0x0000000a,(0x00000004,0x00000002,0x00000000,0x804e7eed​
But now the values that appeared with the blue screen are different, namely:

As before: driver-irql-not-less-or-equal

And the new values:

Stop:0x0000000d1 (0x7923b1c2) 0x00000002,0x00000000,0x7923b1c2
 