تم حل المشكلة ظهور شاشة زرقاء والجهار بrestart

[maelkassas]

السلام عليكم

بدات المشكلة من يومين فجأة ظهرت شاشة زرقاء ولم تدم سوي لثواني معدودة حوالي 3ثواني وبعدها الجهاز restart وتكرر المشكلة اليوم مرة اخري
ارجو المساعدة
لايمكنني ان اقرا ما يظهر لانه يختفي بسرعة

 

[Devil Eye]

الرجاء عمل هذا التقرير

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

+
قياس درجة الحرارة وارفاق الصور

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

استخدم هذه الاداة لتصوير الشاشة [

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

]

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شرح

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

 

[maelkassas]

شك

الرجاء عمل هذا التقرير

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

+
قياس درجة الحرارة وارفاق الصور

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

استخدم هذه الاداة لتصوير الشاشة [

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

]

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شرح

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شكرا للرد دا تقرير الهايجاك

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:06:42 م, on 26/09/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\ctfmon.exe
C:\Program Files\DFX\DFX.exe
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Advanced System Optimizer 3\SystemProtector.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\DFX\Universal\Apps\DfxSharedApp32.exe
C:\Program Files\DFX\Universal\Apps\dfxItunesSong.exe
C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\DllHost.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ctfmon] CTFMON.EXE
O4 - HKLM\..\Run: [DFX] C:\Program Files\DFX\DFX.exe -startup
O4 - HKLM\..\Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ASO-System Protector_startup] "C:\Program Files\Advanced System Optimizer 3\SystemProtector.exe" autolaunch
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - Global Startup: CodecPackUpdateChecker.lnk = C:\Windows\System32\C2MP\UpdateChecker.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AntiARP Client Loader (AntiARPClientLoader) - Unknown owner - C:\Program Files\ColorSoft\AntiARP\AntiARPClientLoader.exe (file missing)
O23 - Service: ASO3DiskOptimizer - Systweak Software, (

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

) - C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
O23 - Service: Bitdefender Desktop Parental Control (BdDesktopParental) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - C:\Program Files\Microsoft Security Client\MsMpEng.exe (file missing)
O23 - Service: SafeBox - Bitdefender - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\vsserv.exe

--
End of file - 6659 bytes

 

[Devil Eye]

شك

شكرا للرد دا تقرير الهايجاك

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:06:42 م, on 26/09/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\ctfmon.exe
C:\Program Files\DFX\DFX.exe
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Advanced System Optimizer 3\SystemProtector.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\DFX\Universal\Apps\DfxSharedApp32.exe
C:\Program Files\DFX\Universal\Apps\dfxItunesSong.exe
C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\DllHost.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ctfmon] CTFMON.EXE
O4 - HKLM\..\Run: [DFX] C:\Program Files\DFX\DFX.exe -startup
O4 - HKLM\..\Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ASO-System Protector_startup] "C:\Program Files\Advanced System Optimizer 3\SystemProtector.exe" autolaunch
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - Global Startup: CodecPackUpdateChecker.lnk = C:\Windows\System32\C2MP\UpdateChecker.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AntiARP Client Loader (AntiARPClientLoader) - Unknown owner - C:\Program Files\ColorSoft\AntiARP\AntiARPClientLoader.exe (file missing)
O23 - Service: ASO3DiskOptimizer - Systweak Software, (

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

) - C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
O23 - Service: Bitdefender Desktop Parental Control (BdDesktopParental) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - C:\Program Files\Microsoft Security Client\MsMpEng.exe (file missing)
O23 - Service: SafeBox - Bitdefender - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\vsserv.exe

--
End of file - 6659 bytes

تمام كدة ممكن قياس حرارة الجهاز

 

[maelkassas]

دا الحرارة

 

[Devil Eye]

دا الحرارة

درجة حرارة البوردة مرتفعة 63

واذا امكن حرارة البروسيسور
اضغط على تبويب cpu فى البرنامج

 

[maelkassas]

بالنسبة للدرجة دي تعتبر عادية لانها اوقات بتبقي في السبعين والجهاو مش بيحصل له كدا

 

[maelkassas]

المشكلة لما اتكررت النهاردة انا كنت بستخدم البرنامج دا Ashampoo UnInstaller 5
علشان الغي تسطيب برنامج في نص عملية الغاء التسطيب لاقيت الشاشة ازرقت وظهر فيها كلام كتير والجهاز restart

 

[Devil Eye]

ممكن عمل تنظيف

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وارفاق التقرير

 

[maelkassas]

اعمل فحص كامل ام فحص سريع

 

[Devil Eye]

اعمل فحص كامل ام فحص سريع

فحص كامل طبعا

 

[maelkassas]

بكره ان شاء الله هبقي ابعت التقرير

 

[maelkassas]

بكره ان شاء الله هبقي ابعت التقرير

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

نسخة قاعدة البيانات : v2013.09.26.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
الــشــيــخ :: الــشــيــخ-PC [مدير]

الحماية: معطلة

27/09/2013 09:30:17 ص
MBAM-log-2013-09-27 (11-04-43).txt

نوع الفحص : فحص كامل (C:\|D:\|E:\|F:\|)
خيارت الفحص الممكنة: الذاكرة | بدء التشغيل | الريجستري | نظام الملفات | أساليب بحثية/غير ذلك | Shuriken/أساليب بحثية | PUP | PUM
خيارات الفحص المعطلة: P2P
الكائنات المفحوصة : 286269
الوقت المنقضي : 1 ساعة, 33 دقيقة, 47 ثانية

عمليات الذاكرة المصابة : 0
(لم يتم إكتشاف مواد ضارة)

وحدات الذاكرة المصابة : 0
(لم يتم إكتشاف مواد ضارة)

مفاتيح الريجستري المصابة : 1
HKCU\Software\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء

قيم الريجستري المصابة : 0
(لم يتم إكتشاف مواد ضارة)

مواد بيانات الريجستري المصابة : 0
(لم يتم إكتشاف مواد ضارة)

المجلدات المصابة : 6
C:\ProgramData\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\ProgramData\Systweak\Advanced System Protector\signatures (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\ProgramData\Systweak\Advanced System Protector\updates (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\Users\الــشــيــخ\AppData\Roaming\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\Users\الــشــيــخ\AppData\Roaming\Systweak\Advanced System Protector\Logs (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\Users\الــشــيــخ\AppData\Roaming\Systweak\Advanced System Protector\Quarantine (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء

الملفات المصابة : 36
C:\ProgramData\YTD Video Downloader\ytd_installer.exe (PUP.Optional.BundledToolBar.A) -> لم ينفذ أي إجراء
E:\rcpsetup_2005.exe (PUP.Optional.RegCleanerPro) -> لم ينفذ أي إجراء
E:\اخري\wmpfirefoxplugin-oc-jd.exe (PUP.Optional.OpenCandy) -> لم ينفذ أي إجراء
E:\اخري\GOMPLAYERENSETUP_2.EXE (PUP.Optional.OpenCandy) -> لم ينفذ أي إجراء
E:\العاب\windows.7.codec.pack.v4.0.8.setup.exe (PUP.Optional.OpenCandy) -> لم ينفذ أي إجراء
E:\حماية\Advanced System Optimizer 3.5.1000.15127 Full Patch.rar (PUP.Riskware.Patcher) -> لم ينفذ أي إجراء
E:\IDM\Patch IDM.rar (Backdoor.Agent) -> لم ينفذ أي إجراء
E:\IDM\Patch.rar (PUP.Hacktool.Patcher) -> لم ينفذ أي إجراء
C:\Windows\System32\roboot.exe (PUP.Optional.PCPerformer.A) -> لم ينفذ أي إجراء
C:\ProgramData\Systweak\Advanced System Protector\log.xslt (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\ProgramData\Systweak\Advanced System Protector\status.lic (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\ProgramData\Systweak\Advanced System Protector\signatures\completedatabase.db (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\ProgramData\Systweak\Advanced System Protector\signatures\Cookies.bin (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\ProgramData\Systweak\Advanced System Protector\signatures\DigSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\ProgramData\Systweak\Advanced System Protector\signatures\FilePaths.bin (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\ProgramData\Systweak\Advanced System Protector\signatures\FileSignature.bin (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\ProgramData\Systweak\Advanced System Protector\signatures\Folders.bin (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\ProgramData\Systweak\Advanced System Protector\signatures\Md5.bin (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\ProgramData\Systweak\Advanced System Protector\signatures\Registry.bin (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\ProgramData\Systweak\Advanced System Protector\signatures\SetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\ProgramData\Systweak\Advanced System Protector\signatures\StrSetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\ProgramData\Systweak\Advanced System Protector\updates\1517mupdate.zip (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\ProgramData\Systweak\Advanced System Protector\updates\1518update.zip (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\ProgramData\Systweak\Advanced System Protector\updates\1519update.zip (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\ProgramData\Systweak\Advanced System Protector\updates\1520update.zip (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\ProgramData\Systweak\Advanced System Protector\updates\1521update.zip (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\ProgramData\Systweak\Advanced System Protector\updates\1522update.zip (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\ProgramData\Systweak\Advanced System Protector\updates\1523update.zip (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\ProgramData\Systweak\Advanced System Protector\updates\914completedatabase.zip (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\Users\الــشــيــخ\AppData\Roaming\Systweak\Advanced System Protector\ASPLog.txt (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\Users\الــشــيــخ\AppData\Roaming\Systweak\Advanced System Protector\QDetail.db (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\Users\الــشــيــخ\AppData\Roaming\Systweak\Advanced System Protector\Settings.db (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\Users\الــشــيــخ\AppData\Roaming\Systweak\Advanced System Protector\Update.ini (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\Users\الــشــيــخ\AppData\Roaming\Systweak\Advanced System Protector\Logs\log_25-09-13_09-01-41.xml (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\Users\الــشــيــخ\AppData\Roaming\Systweak\Advanced System Protector\Logs\log_25-09-13_09-20-50.xml (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء
C:\Users\الــشــيــخ\AppData\Roaming\Systweak\Advanced System Protector\Quarantine\virus.hidrag._qt_ (PUP.Optional.AdvancedSystemProtector.A) -> لم ينفذ أي إجراء

(و)

 

[maelkassas]

انا مسح كل اللي في c اما اللي في e دي برامج معرفش ليه هو عرفها علي انها ملفات ضارة علشان كدا ما مسحتهاش دا التقرير بعد المسح
Malwarebytes Anti-Malware (PRO) 1.75.0.1300

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

نسخة قاعدة البيانات : v2013.09.26.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
الــشــيــخ :: الــشــيــخ-PC [مدير]

الحماية: معطلة

27/09/2013 11:15:46 ص
mbam-log-2013-09-27 (11-15-46).txt

نوع الفحص : فحص كامل (C:\|)
خيارت الفحص الممكنة: الذاكرة | بدء التشغيل | الريجستري | نظام الملفات | أساليب بحثية/غير ذلك | Shuriken/أساليب بحثية | PUP | PUM
خيارات الفحص المعطلة: P2P
الكائنات المفحوصة : 272097
الوقت المنقضي : 52 دقيقة, 58 ثانية

عمليات الذاكرة المصابة : 0
(لم يتم إكتشاف مواد ضارة)

وحدات الذاكرة المصابة : 0
(لم يتم إكتشاف مواد ضارة)

مفاتيح الريجستري المصابة : 1
HKCU\Software\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف

قيم الريجستري المصابة : 0
(لم يتم إكتشاف مواد ضارة)

مواد بيانات الريجستري المصابة : 0
(لم يتم إكتشاف مواد ضارة)

المجلدات المصابة : 6
C:\ProgramData\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\ProgramData\Systweak\Advanced System Protector\signatures (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\ProgramData\Systweak\Advanced System Protector\updates (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\Users\الــشــيــخ\AppData\Roaming\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\Users\الــشــيــخ\AppData\Roaming\Systweak\Advanced System Protector\Logs (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\Users\الــشــيــخ\AppData\Roaming\Systweak\Advanced System Protector\Quarantine (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف

الملفات المصابة : 29
C:\ProgramData\YTD Video Downloader\ytd_installer.exe (PUP.Optional.BundledToolBar.A) -> تم بنجاح العزل و الحذف
C:\Windows\System32\roboot.exe (PUP.Optional.PCPerformer.A) -> تم بنجاح العزل و الحذف
C:\ProgramData\Systweak\Advanced System Protector\log.xslt (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\ProgramData\Systweak\Advanced System Protector\status.lic (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\ProgramData\Systweak\Advanced System Protector\signatures\completedatabase.db (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\ProgramData\Systweak\Advanced System Protector\signatures\Cookies.bin (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\ProgramData\Systweak\Advanced System Protector\signatures\DigSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\ProgramData\Systweak\Advanced System Protector\signatures\FilePaths.bin (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\ProgramData\Systweak\Advanced System Protector\signatures\FileSignature.bin (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\ProgramData\Systweak\Advanced System Protector\signatures\Folders.bin (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\ProgramData\Systweak\Advanced System Protector\signatures\Md5.bin (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\ProgramData\Systweak\Advanced System Protector\signatures\Registry.bin (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\ProgramData\Systweak\Advanced System Protector\signatures\SetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\ProgramData\Systweak\Advanced System Protector\signatures\StrSetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\ProgramData\Systweak\Advanced System Protector\updates\1517mupdate.zip (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\ProgramData\Systweak\Advanced System Protector\updates\1518update.zip (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\ProgramData\Systweak\Advanced System Protector\updates\1519update.zip (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\ProgramData\Systweak\Advanced System Protector\updates\1520update.zip (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\ProgramData\Systweak\Advanced System Protector\updates\1521update.zip (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\ProgramData\Systweak\Advanced System Protector\updates\1522update.zip (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\ProgramData\Systweak\Advanced System Protector\updates\1523update.zip (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\ProgramData\Systweak\Advanced System Protector\updates\914completedatabase.zip (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\Users\الــشــيــخ\AppData\Roaming\Systweak\Advanced System Protector\ASPLog.txt (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\Users\الــشــيــخ\AppData\Roaming\Systweak\Advanced System Protector\QDetail.db (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\Users\الــشــيــخ\AppData\Roaming\Systweak\Advanced System Protector\Settings.db (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\Users\الــشــيــخ\AppData\Roaming\Systweak\Advanced System Protector\Update.ini (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\Users\الــشــيــخ\AppData\Roaming\Systweak\Advanced System Protector\Logs\log_25-09-13_09-01-41.xml (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\Users\الــشــيــخ\AppData\Roaming\Systweak\Advanced System Protector\Logs\log_25-09-13_09-20-50.xml (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف
C:\Users\الــشــيــخ\AppData\Roaming\Systweak\Advanced System Protector\Quarantine\virus.hidrag._qt_ (PUP.Optional.AdvancedSystemProtector.A) -> تم بنجاح العزل و الحذف

(و)

 

[Devil Eye]

تمام كدة
البرنامج حذف اصابات كثيرة من النظام
اعمل تنظيف لمخلفات الجهاز بواسطة سى كلينر واعد تشغيل الجهاز

ان لم تحل المشكلة برجاء عمل تقرير
سجلات النظام و الاخطاء
من هنا

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وان شاء الله خير

 

[maelkassas]

تمام كدة
البرنامج حذف اصابات كثيرة من النظام
اعمل تنظيف لمخلفات الجهاز بواسطة سى كلينر واعد تشغيل الجهاز

ان لم تحل المشكلة برجاء عمل تقرير
سجلات النظام و الاخطاء
من هنا

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وان شاء الله خير

====== سجل أخطاء النظام ======

Computer Name: الــشــيــخ-PC
Event Code: 1012
Message: There was an error while attempting to read the local hosts file.
Record Number: 82335
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20130727185544.906118-000
Event Type: Error
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: الــشــيــخ-PC
Event Code: 1012
Message: There was an error while attempting to read the local hosts file.
Record Number: 82334
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20130727185544.596118-000
Event Type: Error
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: الــشــيــخ-PC
Event Code: 11
Message: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
Record Number: 82333
Source Name: Microsoft-Windows-Wininit
Time Written: 20130727185544.356117-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: الــشــيــخ-PC
Event Code: 1012
Message: There was an error while attempting to read the local hosts file.
Record Number: 82332
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20130727185543.156116-000
Event Type: Error
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: الــشــيــخ-PC
Event Code: 1012
Message: There was an error while attempting to read the local hosts file.
Record Number: 82324
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20130727185541.595063-000
Event Type: Error
User: NT AUTHORITY\NETWORK SERVICE



===== سجل أخطاء البرامج =====

Computer Name: الــشــيــخ-PC
Event Code: 63
Message: A provider, OffProv11, has been registered in the Windows Management Instrumentation namespace Root\MSAPPS11 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Record Number: 235
Source Name: Microsoft-Windows-WMI
Time Written: 20130416181553.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: الــشــيــخ-PC
Event Code: 63
Message: A provider, OffProv11, has been registered in the Windows Management Instrumentation namespace Root\MSAPPS11 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Record Number: 234
Source Name: Microsoft-Windows-WMI
Time Written: 20130416181553.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: الــشــيــخ-PC
Event Code: 6001
Message: The winlogon notification subscriber <GPClient> failed a notification event.
Record Number: 192
Source Name: Microsoft-Windows-Winlogon
Time Written: 20130416175917.000000-000
Event Type: Warning
User:

Computer Name: الــشــيــخ-PC
Event Code: 1015
Message: Detailed HRESULT. Returned hr=0xC004F022, Original hr=0x80049E00
Record Number: 186
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20130416175842.000000-000
Event Type: Warning
User:

Computer Name: الــشــيــخ-PC
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 91
Source Name: Microsoft-Windows-Search
Time Written: 20130416174017.000000-000
Event Type: Warning
User:



===== السجل الأمني =====

Computer Name: الــشــيــخ-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 20187
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130709094616.906959-000
Event Type: Audit Success
User:

Computer Name: الــشــيــخ-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: الــشــيــخ-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x270
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 20186
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130709094616.906959-000
Event Type: Audit Success
User:

Computer Name: الــشــيــخ-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 20185
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130709094600.289008-000
Event Type: Audit Success
User:

Computer Name: الــشــيــخ-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: الــشــيــخ-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x270
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 20184
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130709094600.289008-000
Event Type: Audit Success
User:

Computer Name: الــشــيــخ-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x30a04
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 20183
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130709094544.638870-000
Event Type: Audit Success
User:



===== تقرير انهيار البرامج =====

==================================================
Process File : plugin-container.exe
Event Name : Stopped working
Event Time : 27/09/2013 10:40:08 م
User Name : الــشــيــخ
Exception Code : 0xc0000005
Exception Offset : 0x052cb5ed
Fault Module Name : StackHash_2264
Fault Module Version: 0.0.0.0
Process Path : C:\Program Files\Mozilla Firefox\plugin-container.exe
Report File Size : 23,322
Report File Path : C:\Users\الــشــيــخ\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_plugin-container_429065ac53212e51d03286d2a6cc9d81ab77d0f7_1312909d\Report.wer
==================================================




===== تقرير الشاشة الزرقاء =====

 

[Devil Eye]

معذرة على التاخير

فيه هنا مشكله فى تعريف الشبكة الرجاء حذفه وتثبيت اخر اصدار من التعريف

 

[maelkassas]

معذرة على التاخير

فيه هنا مشكله فى تعريف الشبكة الرجاء حذفه وتثبيت اخر اصدار من التعريف

ولا يهمك يا غالي
حذفت التعريف وسطبته من اسطوانه التعريفات اللي مع الجهاز وعملته تحديث وطلع الحمد لله احدث نسخة كما في الصورة

وهذا هو تقرير سجل الاخطاء

====== سجل أخطاء النظام ======

Computer Name: الــشــيــخ-PC
Event Code: 1012
Message: There was an error while attempting to read the local hosts file.
Record Number: 83828
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20130729145324.672677-000
Event Type: Error
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: الــشــيــخ-PC
Event Code: 7003
Message: The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.
Record Number: 83817
Source Name: Service Control Manager
Time Written: 20130729145321.243481-000
Event Type: Error
User:

Computer Name: الــشــيــخ-PC
Event Code: 7003
Message: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
Record Number: 83816
Source Name: Service Control Manager
Time Written: 20130729145321.243481-000
Event Type: Error
User:

Computer Name: الــشــيــخ-PC
Event Code: 7003
Message: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
Record Number: 83815
Source Name: Service Control Manager
Time Written: 20130729145321.243481-000
Event Type: Error
User:

Computer Name: الــشــيــخ-PC
Event Code: 1096
Message: The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure.
Record Number: 83711
Source Name: Microsoft-Windows-GroupPolicy
Time Written: 20130729130438.724940-000
Event Type: Error
User: الــشــيــخ-PC\الــشــيــخ



===== سجل أخطاء البرامج =====

Computer Name: الــشــيــخ-PC
Event Code: 63
Message: A provider, OffProv11, has been registered in the Windows Management Instrumentation namespace Root\MSAPPS11 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Record Number: 235
Source Name: Microsoft-Windows-WMI
Time Written: 20130416181553.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: الــشــيــخ-PC
Event Code: 63
Message: A provider, OffProv11, has been registered in the Windows Management Instrumentation namespace Root\MSAPPS11 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Record Number: 234
Source Name: Microsoft-Windows-WMI
Time Written: 20130416181553.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: الــشــيــخ-PC
Event Code: 6001
Message: The winlogon notification subscriber <GPClient> failed a notification event.
Record Number: 192
Source Name: Microsoft-Windows-Winlogon
Time Written: 20130416175917.000000-000
Event Type: Warning
User:

Computer Name: الــشــيــخ-PC
Event Code: 1015
Message: Detailed HRESULT. Returned hr=0xC004F022, Original hr=0x80049E00
Record Number: 186
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20130416175842.000000-000
Event Type: Warning
User:

Computer Name: الــشــيــخ-PC
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 91
Source Name: Microsoft-Windows-Search
Time Written: 20130416174017.000000-000
Event Type: Warning
User:



===== السجل الأمني =====

Computer Name: الــشــيــخ-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 20595
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130710161843.710026-000
Event Type: Audit Success
User:

Computer Name: الــشــيــخ-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: الــشــيــخ-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x298
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 20594
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130710161843.710026-000
Event Type: Audit Success
User:

Computer Name: الــشــيــخ-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Privileges: SeAssignPrimaryTokenPrivilege
SeAuditPrivilege
SeImpersonatePrivilege
Record Number: 20593
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130710161843.507226-000
Event Type: Audit Success
User:

Computer Name: الــشــيــخ-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: الــشــيــخ-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x298
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 20592
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130710161843.507226-000
Event Type: Audit Success
User:

Computer Name: الــشــيــخ-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-20
Account Name: NETWORK SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e4

Privileges: SeAssignPrimaryTokenPrivilege
SeAuditPrivilege
SeImpersonatePrivilege
Record Number: 20591
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130710161843.398026-000
Event Type: Audit Success
User:



===== تقرير انهيار البرامج =====

==================================================
Process File : plugin-container.exe
Event Name : Stopped working
Event Time : 27/09/2013 10:40:08 م
User Name : الــشــيــخ
Exception Code : 0xc0000005
Exception Offset : 0x052cb5ed
Fault Module Name : StackHash_2264
Fault Module Version: 0.0.0.0
Process Path : C:\Program Files\Mozilla Firefox\plugin-container.exe
Report File Size : 23,322
Report File Path : C:\Users\الــشــيــخ\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_plugin-container_429065ac53212e51d03286d2a6cc9d81ab77d0f7_1312909d\Report.wer
==================================================




===== تقرير الشاشة الزرقاء =====

 

[Devil Eye]

ممكن هذا التقرير

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

ولو تكرمت ممكن تقولى امتى بتظهر المشكلة
واذا امكن صورة من ادارة الاجهزة

 

[maelkassas]

ممكن هذا التقرير

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

ولو تكرمت ممكن تقولى امتى بتظهر المشكلة
واذا امكن صورة من ادارة الاجهزة

المشكلة اتكررت انابستخدم البرنامج دا Ashampoo UnInstaller 5
علشان الغي تسطيب برنامج في نص عملية الغاء التسطيب لاقيت الشاشة ازرقت وظهر فيها كلام كتير والجهاز restart
لو البرنامج في مشكلة الغي تسطيبه

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:20:06 ص, on 29/09/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\GIGABYTE\GBTUpd\RunUpd.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\ctfmon.exe
C:\Program Files\DFX\DFX.exe
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\C2MP\UpdateChecker.exe
C:\Program Files\DFX\Universal\Apps\DfxSharedApp32.exe
C:\Program Files\DFX\Universal\Apps\dfxItunesSong.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ctfmon] CTFMON.EXE
O4 - HKLM\..\Run: [DFX] C:\Program Files\DFX\DFX.exe -startup
O4 - HKLM\..\Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [GBTUpd] C:\Program Files\GIGABYTE\GBTUpd\PreRun.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - Global Startup: CodecPackUpdateChecker.lnk = C:\Windows\System32\C2MP\UpdateChecker.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ASO3DiskOptimizer - Systweak Software, (

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

) - C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
O23 - Service: Bitdefender Desktop Parental Control (BdDesktopParental) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - C:\Program Files\Microsoft Security Client\MsMpEng.exe (file missing)
O23 - Service: SafeBox - Bitdefender - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\vsserv.exe

--
End of file - 7016 bytes