تم حل المشكلة لم يتمكن windows من العثور على c:\documents and settings

الحالة
مغلق و غير مفتوح للمزيد من الردود.
ع

عبد العزيز فياز

زيزوومي جديد
إنضم
26 فبراير 2011
المشاركات
12
مستوى التفاعل
0
النقاط
20
غير متصل
°*¤©§][...!!آلســلآمــ عــليــكــمــ ورحــمــة الله وبــركــآتــهــ!!...][§©¤*°



آهـلآًوسـهـلآًبـآعـضـآء وزوآرمـنـتـديـآتـ زيـزووم ـللآمـن ـوآلحـمـآيـة




آخـوآنـيـ عـنـديـ مـشـكـلة فـيـ جـهـآزيـ لمـآ آشـغـلة


يـظـهـر ليـ مـربـعـ حـوآر وهـذيـ آلصـورة
GFHG.webp
 

هل المشكله تظهر فجأه ؟
ام اذا دخلت مجلد او فتحت ملف ؟
 
توقيع : Mr.AzOz
تظهر بعد كل تشغيل للجهاز
 
توقيع : Mr.AzOz
تقرير أداة RKILL

Rkill 2.6.9 by Lawrence Abrams (Grinler)
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


Program started at: 01/07/2015 11:53:57 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 01/07/2015 11:54:48 AM
Execution time: 0 hours(s), 0 minute(s), and 51 seconds(s)

 
التعديل الأخير:
تقرير الفحص لـ ماالوير باايتس

Malwarebytes Anti-Malware
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


Scan Date: 17/03/1436
Scan Time: 12:05:47 م
Logfile: تقرير الفحص لـ ماالوير باايتس.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.07.06
Rootkit Database: v2015.01.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: ?¹?¨?¯ ?§U??¹?²U??² ?§U??£U??¬?¯U?

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 369753
Time Elapsed: 1 hr, 26 min, 11 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Vonteera.A, HKU\S-1-5-21-1454471165-1957994488-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Vonteera Safe ads, Quarantined, [6b9510f007f99a6667d8b2cac83b16ea],

Registry Values: 1
Adware.Agent, HKU\S-1-5-21-1454471165-1957994488-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ArHome, "C:\Documents and Settings\?¹?¨?¯ ?§U??¹?²U??² ?§U??£U??¬?¯U?\Application Data\ARHome\Updater.exe", Quarantined, [db257f81966af40c35c9b4c76b9a4ab6]

Registry Data: 3
PUP.Optional.ArabyOnline.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
, Good: (
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
), Bad: (
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[c53b09f75aa6eb1550080383e223936d]
PUP.Optional.ArabyOnline.A, HKU\S-1-5-21-1454471165-1957994488-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
, Good: (
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
), Bad: (
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


Folders: 1
PUP.Optional.ARHome.A, C:\Documents and Settings\?¹?¨?¯ ?§U??¹?²U??² ?§U??£U??¬?¯U?\Application Data\ARHome, Quarantined, [619f10f0926e4bb59af23f12fe0552ae],

Files: 50
Adware.Agent, C:\Documents and Settings\?¹?¨?¯ ?§U??¹?²U??² ?§U??£U??¬?¯U?\Application Data\ARHome\Updater.exe, Quarantined, [db257f81966af40c35c9b4c76b9a4ab6],
PUP.Optional.Somoto.A, C:\Documents and Settings\?¹?¨?¯ ?§U??¹?²U??² ?§U??£U??¬?¯U?\Local Settings\Temp\FLVPlayerSetup.exe, Quarantined, [0ef288786b95ac54131c939f7d830000],
Adware.Agent, C:\Documents and Settings\?¹?¨?¯ ?§U??¹?²U??² ?§U??£U??¬?¯U?\Local Settings\Temp\uUItppu, Quarantined, [ee12c13fb050cc3418e6a0db8184fc04],
PUP.Optional.Bundle, C:\Documents and Settings\?¹?¨?¯ ?§U??¹?²U??² ?§U??£U??¬?¯U?\Local Settings\Temp\smt_mystartsearch.exe, Quarantined, [9c64fb05ae5226dafd5c46a77a874eb2],
Trojan.Agent.CK, C:\System Volume Information\_restore{2326D391-A7ED-4004-ABC0-491DFD3C12D6}\RP47\A0013276.exe, Quarantined, [3bc505fbd72910f0fd5c82c823df5ea2],
Adware.Agent, C:\System Volume Information\_restore{2326D391-A7ED-4004-ABC0-491DFD3C12D6}\RP49\A0014134.exe, Quarantined, [10f08c742cd424dc4eb0adce1aebac54],
PUP.Optional.Vonteera, C:\System Volume Information\_restore{2326D391-A7ED-4004-ABC0-491DFD3C12D6}\RP49\A0014137.dll, Quarantined, [9c6451af16ea8c749973ce39f60cf30d],
PUP.Hacktool.Patcher, D:\?¨?§???´ ??U??¹U?U? ?¯?§U?U?U?U??¯ U??§U??¬?± ?§U??¬?¯U??¯\IDM.v6.xx.release.3-patch.exe, Quarantined, [21df43bd0ef2a25e6d956d993ac6f20e],
PUP.Optional.OpenCandy, D:\?¨?±?§U??¬\GOMPLAYERENSETUP_2.EXE, Quarantined, [02fe847c6c9437c98e35347de91cb34d],
PUP.Optional.OpenCandy, D:\?¨?±?§U??¬\PhotoScape_V3.6.3.exe, Quarantined, [f01007f923dd34cc8f34c3ee57ae7789],
RiskWare.Tool.CK, D:\?¨?±?§U??¬\OZOMEDIA9_by_ mr.malik4ever-www.soft-city.net\KeygenU??U?U? ?§U??µU???U??§?? U??§U?U?U??¯U?U? 9\Keygen.exe, Quarantined, [4db32cd4da268977b8cc71d807fb9f61],
PUP.Optional.Softonic.A, D:\?¨?±?§U??¬\???¹?±U?U? U??§U?U??±?§ ??U??´U??¨?§ c6060\SoftonicDownloader_for_cyberlink-youcam.exe, Quarantined, [38c842be5ea21ee29158d76942bfd62a],
PUP.Hacktool.Patcher, D:\?¨?±?§U??¬\??U??¹U?U? ?¯?§U?U?U?U??¯ U??§U??¬?± ?§U??¬?¯U??¯\basem elhlawany.rar, Quarantined, [d62a45bbe61af20ee919bd4942be966a],
PUP.Hacktool.Patcher, D:\?¨?±?§U??¬\??U??¹U?U? ?¯?§U?U?U?U??¯ U??§U??¬?± ?§U??¬?¯U??¯\IDM.vbasem elhlawany.exe, Quarantined, [11ef2ad6e818af513ac8da2c41bf32ce],
PUP.Hacktool.Patcher, D:\?¨?±?§U??¬\??U??¹U?U? ?¯?§U?U?U?U??¯ U??§U??¬?± ?§U??¬?¯U??¯\?¨?§???´ ??U??¹U?U? ?¯?§U?U?U?U??¯ U??§U??¬?± ?§U??¬?¯U??¯\IDM.v6.xx.release.3-patch.exe, Quarantined, [6e928d7357a94bb505fd25e167999e62],
HackTool.Wpakill, D:\?¨?±?§U??¬\??U??¹U?U? U?U?U??¯U??² 7\RemoveWAT.zip, Quarantined, [06fae41c49b756aae770bdaf5ba549b7],
RiskWare.Tool.CK, D:\?¨?±?§U??¬\Kelk 2010 Patch v1\Kelk 2010 Patch v1.exe, Quarantined, [12ee26dae9170df3ce924b0520e2aa56],
RiskWare.Tool.CK, D:\?¨?±?§U??¬\Kelk 2010 Patch v1\Kelk2010PatcherV2.2.exe, Quarantined, [59a7d72946baa45cc4e779f042be03fd],
RiskWare.Tool.CK, D:\?¨?±?§U??¬\Kelk 2010 Patch v1\Kelk2010PatcherV2.2.zip, Quarantined, [26da857b56aaae52c9e2f475cd33c739],
PUP.Optional.OpenCandy, D:\?¨?±?§U??¬\MyEgY.K-Lite Mega Codec Pack 10.1.5.By.FOUADY\k-lite-codec-pack-10.1.5.exe, Quarantined, [877911efa7595fa16a59961b877e59a7],
PUP.Optional.OpenCandy, D:\?¨?±?§U??¬ ?¬U??§U??§??\iphonebackupextractor-latest.exe, Quarantined, [1de3748c3bc505fb2c972e83e5200000],
PUP.Optional.OpenCandy, D:\?¨?±?§U??¬2\MyEgy.Com WinZip Pro 15.5 Build 9510 By MR ! HERO\MyEgy.Com WinZip Pro 15.5 Build 9510 By MR ! HERO.rar, Quarantined, [03fd7c84f50b8a7606bd228fc4412ad6],
PUP.Optional.OpenCandy, D:\?¨?±?§U??¬2\MyEgy.Com WinZip Pro 15.5 Build 9510 By MR ! HERO\WinZip Pro 15.5 Build 9510\winzip155.exe, Quarantined, [718fca3646ba619f8a39a20fae578f71],
Trojan.Agent.CK, D:\?¨?±?§U??¬2\MyEgY.CoM.WinRAR 4.20 Beta 2.By.vibration\Keygen.exe, Quarantined, [d42c46ba4bb598689dbc53f71ce620e0],
Trojan.Agent.CK, D:\?¨?±?§U??¬2\MyEgY.CoM.WinRAR 4.20 Beta 2.By.vibration\MyEgY.CoM.Keygen.exe, Quarantined, [3bc525db7090af5172e7d17962a0d52b],
Trojan.Agent.CK, D:\?¨?±?§U??¬2\MyEgY.CoM.WinRAR 4.20 Beta 2.By.vibration\MyEgY.CoM.WinRAR 4.20 Beta 2.By.vibration.rar, Quarantined, [89774fb103fd936dfc5d2b1f05fd2dd3],
Hacktool.Agent, D:\?¨?±?§U??¬2\Windows.Loader.2.1.5\Windows Loader.exe, Quarantined, [0ef233cdcc34a25e2a752545af52c53b],
Hacktool.Agent, D:\?¨?±?§U??¬2\Windows.Loader.2.1.5\windows.loader.2.1.5.zip, Quarantined, [b54bb9477c84817f643b07639a679f61],
Application.FindKey, E:\??U??´U??· U?U?U??¯U??² ?§U??³ ?¨U?\zyzoom-48fffe987a.rar, Quarantined, [6997b749fc04a8583ae70a43a45e07f9],
Application.FindKey, E:\??U??´U??· U?U?U??¯U??² ?§U??³ ?¨U?\For_XP\keyfinder.exe, Quarantined, [b94747b9ba466c94160b0c419270cd33],
Hacktool.WGAFix, E:\??U??´U??· U?U?U??¯U??² ?§U??³ ?¨U?\For_XP\wga-fix.exe, Quarantined, [11efde22ef11748cba8aa0afe31f2ad6],
Malware.Tool, E:\??U??´U??· U?U?U??¯U??² ?§U??³ ?¨U?\For_XP\Windows XP Keygen.exe, Quarantined, [dd2338c81fe1b54becaab39c1de56898],
PUP.Optional.OpenCandy, E:\U??¬U??¯ ?¬?¯U??¯\AutoPlay\Docs\Prog\CD & DVD\DAEMON Tools Lite 4.45\DTLite4451-0236.exe, Quarantined, [cc341ce49b6517e9eed5d0e1de27d42c],
Spyware.Password, e:\U??¬U??¯ ?¬?¯U??¯\autoplay\docs\prog\internet & download\idm 6.08 beta\patch\?§?³???®?¯U? U??°?§ ?§U??¨?§???´ ?§U?U??§\sndk&p.exe, Quarantined, [cc3404fcd8288a7650f4a9619e63ef11],
PUP.Hacktool.Patcher, e:\U??¬U??¯ ?¬?¯U??¯\autoplay\docs\prog\internet & download\idm 6.08 beta\patch\?«U? ?§?³???®?¯U? U??°?§ ?§U??¨?§???´\patch .xx 2.exe, Quarantined, [f10f2bd55ba540c0d52d5da9ec145da3],
PUP.Hacktool.Patcher, e:\U??¬U??¯ ?¬?¯U??¯\autoplay\docs\prog\internet & download\idm 6.08 beta\patch\?«U? ?§?³???®?¯U? U??°?§ ?§U??¨?§???´\patch 6.xx.exe, Quarantined, [f40c41bf847ca35d33cf4bbbd030af51],
Dont.Steal.Our.Software, e:\U??¬U??¯ ?¬?¯U??¯\autoplay\docs\prog\security\malwarebytes anti-malware 1.51.0.1200-final\keygen\redkg.exe, Quarantined, [6f91a55be31d38c88f53ec85e61f48b8],
Dont.Steal.Our.Software, e:\U??¬U??¯ ?¬?¯U??¯\autoplay\docs\prog\security\malwarebytes anti-malware 1.51.0.1200-final\keygen\redkg.exe.old, Quarantined, [b947be429e62f907ffe38ce5788d3ec2],
PUP.Hacktool.Patcher, E:\U??¬U??¯ ?¬?¯U??¯\AutoPlay\Docs\Prog\Security\SUPERAntiSpyware 5\Active\Patch Generic superantispyware pro v5.x by JCVO.exe, Quarantined, [4db30cf4e0202bd58082679f18e86799],
PUP.Keygen.Intro, E:\U??¬U??¯ ?¬?¯U??¯\AutoPlay\Docs\Prog\Utilities\TuneUp Utilities 2012 v12.0.2160.13\keygens\CORE10k.EXE, Quarantined, [05fb837d649ca858859ece5c26df6e92],
Malware.Packer, E:\U??¬U??¯ ?¬?¯U??¯\AutoPlay\Docs\Prog\Utilities\TuneUp Utilities 2012 v12.0.2160.13\keygens\keygen.exe, Quarantined, [d92705fb02fe40c0d6b17bf1e020ea16],
Spyware.Password, e:\system volume information\_restore{2326d391-a7ed-4004-abc0-491dfd3c12d6}\rp55\a0015940.exe, Quarantined, [c23e8e72738d7c846ada58b28f7256aa],
PUP.Hacktool.Patcher, e:\system volume information\_restore{2326d391-a7ed-4004-abc0-491dfd3c12d6}\rp55\a0015941.exe, Quarantined, [768a52ae32ced22e56acf2148e729769],
PUP.Hacktool.Patcher, e:\system volume information\_restore{2326d391-a7ed-4004-abc0-491dfd3c12d6}\rp55\a0015942.exe, Quarantined, [649c2ed2b050847c41c11aec25db5da3],
Dont.Steal.Our.Software, e:\system volume information\_restore{2326d391-a7ed-4004-abc0-491dfd3c12d6}\rp55\a0015943.exe, Quarantined, [916fde22b54b3cc4eaf8442ddb2a6d93],
Dont.Steal.Our.Software, e:\system volume information\_restore{2326d391-a7ed-4004-abc0-491dfd3c12d6}\rp55\a0015944.old, Quarantined, [6d9352ae34ccda262db5b2bf0401649c],
PUP.Optional.OmigaPlus.A, C:\Documents and Settings\?¹?¨?¯ ?§U??¹?²U??² ?§U??£U??¬?¯U?\Local Settings\Temp\smt_omiga-plus.exe, Quarantined, [2cd449b76799b64aef8d6e16f310d52b],
PUP.Optional.ARHome.A, C:\Documents and Settings\?¹?¨?¯ ?§U??¹?²U??² ?§U??£U??¬?¯U?\Application Data\ARHome\qhnsjt.dat, Quarantined, [619f10f0926e4bb59af23f12fe0552ae],
PUP.Optional.ArabyOnline.A, C:\Documents and Settings\?¹?¨?¯ ?§U??¹?²U??² ?§U??£U??¬?¯U?\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
");), Replaced,[cb35e51b5ea2e917dce0e3e359ac6f91]
PUP.Optional.ArabyOnline.A, C:\Documents and Settings\?¹?¨?¯ ?§U??¹?²U??² ?§U??£U??¬?¯U?\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
");), Replaced,[946cc13ffb05ca3607b7ba0cfb0aa45c]

Physical Sectors: 0
(No malicious items detected)


(end)
 
تقرير الفحص لـ برنامج الفحص السحابى Hitman Pro

كود: 
HitmanPro 3.7.9.232
www.hitmanpro.com

  Computer name . . . . : DARULERS-A44CAB
  Windows . . . . . . . : 5.1.3.2600.X86/2
  User name . . . . . . : DARULERS-A44CAB\عبد العزيز الأمجدي
  License . . . . . . . : Trial (30 days left)

  Scan date . . . . . . : 2015-01-07 12:23:07
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 8m 15s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : Yes

  Threats . . . . . . . : 4
  Traces  . . . . . . . : 16

  Objects scanned . . . : 497,343
  Files scanned . . . . : 9,117
  Remnants scanned  . . : 61,731 files / 426,495 keys

Malware _____________________________________________________________________

  C:\Documents and Settings\عبد العزيز الأمجدي\Application Data\ARHome\Updater.exe -> Deleted
  Size . . . . . . . : 187,472 bytes
  Age  . . . . . . . : 76.9 days (2014-10-22 14:19:24)
  Entropy  . . . . . : 6.5
  SHA-256  . . . . . : 860346C77609B1D4356D5219CF4DC2B72F0F195C7F26EDC450EBA1AEE367A109
  RSA Key Size . . . : 2048
  Authenticode . . . : Valid
  > Bitdefender  . . . : Application.Generic.1003759
  Fuzzy  . . . . . . : 104.0
  Startup
  HKU\S-1-5-21-1454471165-1957994488-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ArHome
  HKU\S-1-5-21-1454471165-1957994488-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ArHome
  References
  HKU\S-1-5-21-1454471165-1957994488-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\عبد العزيز الأمجدي\Application Data\ARHome\Updater.exe
  HKU\S-1-5-21-1454471165-1957994488-1801674531-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\عبد العزيز الأمجدي\Application Data\ARHome\Updater.exe

  C:\Documents and Settings\عبد العزيز الأمجدي\Application Data\scope_dir\scope.exe -> Deleted
  Size . . . . . . . : 82,512 bytes
  Age  . . . . . . . : 16.0 days (2014-12-22 11:21:54)
  Entropy  . . . . . : 6.4
  SHA-256  . . . . . : 355E2DEBEE95B1BCAFABAA2C93B80AFA6024D7BA23BAD1FA5301E564DDE4F3BB
  RSA Key Size . . . : 2048
  Authenticode . . . : Valid
  > Bitdefender  . . . : Gen:Variant.Graftor.169175
  Fuzzy  . . . . . . : 105.0
  Startup
  HKU\S-1-5-21-1454471165-1957994488-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\scope_dir
  HKU\S-1-5-21-1454471165-1957994488-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\scope_dir
  References
  HKU\S-1-5-21-1454471165-1957994488-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\عبد العزيز الأمجدي\Application Data\scope_dir\scope.exe
  HKU\S-1-5-21-1454471165-1957994488-1801674531-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\عبد العزيز الأمجدي\Application Data\scope_dir\scope.exe
  Forensic Cluster
  -1.3s C:\WINDOWS\system32\GroupPolicy\
  -1.3s C:\WINDOWS\system32\GroupPolicy\gpt.ini
  -1.3s C:\WINDOWS\system32\GroupPolicy\Machine\
  -1.3s C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol
  -1.3s C:\WINDOWS\system32\GroupPolicy\User\
  -1.2s C:\Documents and Settings\عبد العزيز الأمجدي\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\searchPlugins\
  -1.0s C:\System Volume Information\_restore{2326D391-A7ED-4004-ABC0-491DFD3C12D6}\RP49\A0014138.pol
  -1.0s C:\Documents and Settings\All Users\ntuser.pol
  -0.7s C:\Documents and Settings\عبد العزيز الأمجدي\Application Data\VolIE\
  -0.4s C:\System Volume Information\_restore{2326D391-A7ED-4004-ABC0-491DFD3C12D6}\RP49\A0014151.ico
  -0.4s C:\System Volume Information\_restore{2326D391-A7ED-4004-ABC0-491DFD3C12D6}\RP49\A0014152.manifest
  -0.4s C:\Documents and Settings\عبد العزيز الأمجدي\Application Data\VolIE\FoxPro_32.dll
  -0.4s C:\Documents and Settings\عبد العزيز الأمجدي\Application Data\VolIE\onload.js
  -0.2s C:\Documents and Settings\عبد العزيز الأمجدي\Application Data\scope_dir\
  0.0s C:\Documents and Settings\عبد العزيز الأمجدي\Application Data\scope_dir\scope.exe
  1.3s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Mozilla Firefox\updates\last-update.log
  3.0s C:\System Volume Information\_restore{2326D391-A7ED-4004-ABC0-491DFD3C12D6}\RP51\A0014311.exe
  5.1s C:\System Volume Information\_restore{2326D391-A7ED-4004-ABC0-491DFD3C12D6}\RP49\A0014187.exe
  6.4s C:\Program Files\Mozilla Firefox\uninstall\uninstall.update
  7.7s C:\Documents and Settings\عبد العزيز الأمجدي\Application Data\Mozilla\Firefox\Crash Reports\InstallTime20141126041045
  7.9s C:\System Volume Information\_restore{2326D391-A7ED-4004-ABC0-491DFD3C12D6}\RP49\A0014188.ini
  9.3s C:\System Volume Information\_restore{2326D391-A7ED-4004-ABC0-491DFD3C12D6}\RP49\A0014189.ini
  10.9s C:\System Volume Information\_restore{2326D391-A7ED-4004-ABC0-491DFD3C12D6}\RP49\A0014190.exe
  11.8s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\8058150DC3F62CF44C48B07A5893B27FD6092639
  11.9s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\415ADD3BFA2110C54561A2D2628C2F6CF6F3455D
  12.5s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Mozilla Firefox\active-update.xml
  12.5s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Mozilla Firefox\updates.xml
  15.0s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\90EE3CF66258DE9C9A1291A543C4542722FC76A8
  15.2s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\25018D6F282D3F1797EF8F674691B6D60529255F
  15.3s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\779B8AB09AE872411CD7AC54BC786105F075A291
  15.3s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\A7C7D52919BE5C5FF3A548DE97C6724B3E4A9F81
  17.4s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\4A516AB35AEF0B37CE3E3CF3556A298BBA82E8E3
  17.5s C:\Documents and Settings\عبد العزيز الأمجدي\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\sessionstore-backups\upgrade.js-20141126041045
  18.8s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\FEF699D62308938DBD9BA8468C650774383C683A
  18.8s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\1A328E46B257B8C1599467042CB83585468C5345
  18.8s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\679CEEF4DF21441CB278A820CD9BFCB5387309C2
  21.2s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\813ACF1718075ED56539DADC4B374EA989FFFE7D
  21.2s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\03C21EE2B4622EDDF71BCFD9512B9BFF83E69234
  21.2s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\96BC25FE64102D2E2CC44D52AFD1CB998ADC166A
  21.3s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\4315DA8FB5121D961C8EE6FF37818991E60D8201
  21.3s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\01C384EBB27084C3D695F86E3D0529AFC12352B4
  22.2s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\A9E14A7DDA5845DD1F8D36822BB098234B8199AD
  22.2s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\CFE51EBEE272DF3F404FE56FA80CDB75300F3B03
  22.7s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\46E5DEB177F68343AB097A7E82CE11C9CE327765
  22.7s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\07F42ECDF61ACC05572F7158DBE2A1233DD39243
  22.7s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\8891AD2FE738215ED74B9E741A01DA519EC4D4C0
  23.1s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\811A091F81378ADA4ED48BEB8BFFD92626F80B38
  23.2s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\0E58A190471AE6EEBC7660E22CCA59A604DB4BA6
  23.2s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\39BEB9A416B91FFB92FF08B36C52C09E926819CC
  23.2s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\2D4E28FA22D25680B4938A4BED985F85DF23DBB0
  23.6s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\A1AC5035F9D9537AA235880E99AD2DFD76793988
  23.6s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\D4AB47217286B7472D7BA16E4F63287563769757
  23.6s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\3AD7AB86CF36D61FBD11333E61ABD1B885B3C126
  26.8s C:\Documents and Settings\عبد العزيز الأمجدي\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\datareporting\
  26.8s C:\Documents and Settings\عبد العزيز الأمجدي\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\datareporting\state.json
  28.2s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\D0B790F0C486943CC5409CC6EBEC4CACB9012093
  28.2s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\2991AA85D72116550B65466FDFD1CC42FD9D77FF
  28.2s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\9106646583E7AEE22B803436B736D1C6AA06AF16
  28.2s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\A18D00903D6D1857F8C0EE85DA2E85A066245D23
  28.2s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\FA22D5DC270BA49762C5661B32B93837CC51001C
  28.2s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\5463B6CD0AC3D9BA7F91C50F3DC7BC1ABC3C5CCB
  28.5s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\38B6277350E8CA0BE0A574EA4689606F41E30226
  29.3s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\826751FCC1C2734FB56ABC1A1AFE1C8C2326AFEF
  29.7s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\C4FC6DCB5BFE5DABF20DFD7B3A453128416B6428
  30.0s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\445A8B90CEAFF24EA896CDDD5F4DAA81AFAA7259
  30.5s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\033DEF6E95D778B09CD141DCFBC821443728B5F1
  31.3s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\BE23274D0554859A6F38EBB46E60F471A6D3C9D2
  31.3s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\E10BB459CF0EFF3C0010D2FA5D0217DA9AF64782
  31.4s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\A798F02BC60C21C6B2930E374C02509EFC55C3BA
  31.9s C:\System Volume Information\_restore{2326D391-A7ED-4004-ABC0-491DFD3C12D6}\RP49\A0014193.exe
  32.1s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\D13F5296654CBA66DADA4A61AA99EDD8D543E725
  33.7s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\6A6C04DE2A923EECBA249B14C8870588AD1541EF
  33.8s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\76C6652E8BDA42669C0D2797257C5ABDCAF48C83
  36.3s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\BE790FBDEB19D6FADD9CC94355DEBFF72F6011CF
  36.6s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\3A88321916042365280EA6E364D05EA9C18E6784
  36.6s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\04055068BD630A5D10C9377EE829AC6EF947E37F
  36.6s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\49B049F8728680802FBF741368AC35EA14DF4C62
  36.6s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\991A03DFDB2967C57BCFC15B5D51724F64CECFAE
  38.1s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\5BECC3E8C6627AE925C7C2E9B1F072F7AD1178F9
  39.0s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\A0A3A330C3B776857411127D21FBF2B6129CD992
  39.0s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\B26DC3B6BCC7E218F7200F20EB88C7AFFA520FA5
  41.0s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\2BF0FFD006D0B03C0EB518C44428DFD64212A564
  41.0s C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\cache2\entries\6463187FA93FBE041D600EF204E83E31C304689F

  C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Temp\uUItppu -> Deleted
  Size . . . . . . . : 187,464 bytes
  Age  . . . . . . . : 76.9 days (2014-10-22 14:19:24)
  Entropy  . . . . . : 6.5
  SHA-256  . . . . . : 58F34D01605174D6BAE860F160EAB96DC1089073628B850B277160500EF53CBE
  RSA Key Size . . . : 2048
  Authenticode . . . : Valid
  > Bitdefender  . . . : Trojan.GenericKD.1985544
  Fuzzy  . . . . . . : 103.0

  C:\Documents and Settings\عبد العزيز الأمجدي\Local Settings\Temporary Internet Files\Content.IE5\OR49SXWD\8284b8[1].exe -> Deleted
  Size . . . . . . . : 2,339,920 bytes
  Age  . . . . . . . : 16.0 days (2014-12-22 11:21:30)
  Entropy  . . . . . : 8.0
  SHA-256  . . . . . : BCDA59A59565D964AFAC1F121723244D1469D5F1A2846B697E5691EE6F7D2D15
  RSA Key Size . . . : 2048
  Source URL . . . . : hxxp://www.colompia.info/3eac715/8284b8.exe
  Authenticode . . . : Valid
  > Bitdefender  . . . : Gen:Variant.Zusy.113278
  > Kaspersky  . . . . : Trojan.Win32.Agent.idvs
  Fuzzy  . . . . . . : 108.0


Suspicious files ____________________________________________________________

  C:\Program Files\eDirection\eDP.exe -> Deleted
  Size . . . . . . . : 2,862,888 bytes
  Age  . . . . . . . : 55.9 days (2014-11-12 15:26:48)
  Entropy  . . . . . : 7.9
  SHA-256  . . . . . : 60C051327F68705A5E7A8819A7E27BEB753065886982097F74CA67F459E35AD5
  Product  . . . . . : نظام الإشراف الإلكتروني
  Publisher
  Description  . . . : نظام الإشراف الإلكتروني
  Version  . . . . . : 4.0.0.4
  LanguageID . . . . : 1025
  Fuzzy  . . . . . . : 31.0
  The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
  Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
  The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection.
  Program contains PE structure anomalies. This is not typical for most programs.
  Authors name is missing in version info. This is not common to most programs.
  References
  C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\الإشراف الإلكتروني\الإشراف الألكتروني.lnk
  C:\Documents and Settings\عبد العزيز الأمجدي\سطح المكتب\الإشراف الألكتروني.lnk

  C:\Program Files\eDirection\RepPreview.dll -> Deleted
  Size . . . . . . . : 666,894 bytes
  Age  . . . . . . . : 55.9 days (2014-11-12 15:26:49)
  Entropy  . . . . . : 7.9
  SHA-256  . . . . . : 20DE925E77046D1FEBEEF519FC10F2F2A88C0F1FA8AE4FCE641F8A6088693D64
  Fuzzy  . . . . . . : 40.0
  The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
  Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
  File belongs to an identified security risk.
  The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection.
  Program contains PE structure anomalies. This is not typical for most programs.
  Authors name is missing in version info. This is not common to most programs.
  Version control is missing. This file is probably created by an individual. This is not typical for most programs.
 
تقرير اداة Adware Cleaner

# AdwCleaner v4.106 - Report created 07/01/2015 at 13:49:28
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : عبد العزيز الأمجدي - DARULERS-A44CAB
# Running from : C:\Documents and Settings\عبد العزيز الأمجدي\My Documents\Downloads\Programs\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\baidu
Folder Deleted : C:\Documents and Settings\عبد العزيز الأمجدي\Application Data\baidu
Folder Deleted : C:\Documents and Settings\عبد العزيز الأمجدي\Application Data\VolIE
File Deleted : C:\Documents and Settings\عبد العزيز الأمجدي\Application Data\Mozilla\Firefox\Profiles\nsswaarl.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\ARHome
Key Deleted : HKCU\Software\NoVooITSet
Key Deleted : HKLM\SOFTWARE\Baidu
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ARHome

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v34.0.5 (x86 ar)


*************************

AdwCleaner[R0].txt - [1774 octets] - [07/01/2015 13:47:46]
AdwCleaner[S0].txt - [1642 octets] - [07/01/2015 13:49:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1702 octets] ##########
 
أتمنى أن أكون قد وفقت في عمل المطلوب
 
تمام أخوي ..

كيف الأوضاع الآن ؟
هل مازالت الرساله موجوده ؟
 
توقيع : Mr.AzOz
الحمد لله عملت إعادة تشغيل للجهاز 4 مرات ولم يظهر تلك النافذة بعد إلى الآن
 
بارك الله فيكم وفيما تقدمونه لإخوانكم ونفع الله بكم
 
وفيك أخي الكريم ..
يغلق للإنتهاء ..
 
توقيع : Mr.AzOz
الحالة
مغلق و غير مفتوح للمزيد من الردود.
عودة
أعلى