• Thread starter: تعب
• Views: 1,644

Peace be upon you, and the mercy and blessings of God.

I have a problem with my computer and honestly I don't know exactly what it is.

A while ago I had the computer formatted, and the technician who formatted it deleted everything on it without backing it up.

I took it to a second technician, who installed a program and recovered the files, but they were of no use to me because they all came back corrupted.

Anyway, since then I've noticed that the computer can't last a few days before it breaks down again from the number of viruses it gets, so I'm forced to format it again, but it breaks down again.

Anyway, the last time I formatted it was yesterday, and the technician installed AVG instead of Kaspersky on the grounds that it is better, according to him!
And today strange things have appeared. I can't stay on the internet for more than a few minutes before a warning message pops up from the protection program.

Honestly I didn't understand what they are, but none of the audio files play anymore, nor does the Al-Wafi program, and maybe there are other programs I don't know about.

But please try to help me. Look at the messages I'm getting; they look like viruses and I don't know how to remove them, because I have no background or knowledge of maintenance and my computer experience is basic, so I hope you can help me, without formatting, because the computer is worn out from so many formats :er:

[screenshot]

[screenshot]

This is the first message, and here I tick the box at the bottom and choose remove threats,
and after a while the box below appears,
and here I close it :f:

[screenshot]

:::::

And then a second message appears :f:
[screenshot]

[screenshot]

The list is long, reaching about thirty,
and I choose the same option as above, and a second box appears, same thing, I close it

[screenshot]

:::::

And after a bit this box appears and I choose the same option :cr:
[screenshot]

[screenshot]

[screenshot]

And there are other messages that appear, similar to these.

And it goes on like this the whole time :f:

So please help me.

May God reward you, grant you success, and make you happy in this life and the hereafter.
 

Run a HijackThis report and paste the report in your next reply
 

Will do...



And this is the report after cleaning again with the tool


Engine initialisation failed with engine error 8
Engine initialisation failed with engine error 8
Engine initialisation failed with engine error 8
Engine Version : 5300.2777
Engine Load Time : 20172 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections

Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (No Action Taken (Clean failed) )
Process : C:\DOCUME~1\emt\LOCALS~1\Temp\wintbkedy.exe\wintbkedy.exe : contains "Trojan" called "Generic BackDoor.ai" (Deleted )
Memory : Deleted
Please wait ... building list of critical files to scan
Critical : Clean
Scanning the computer's ****** directories
******s : Clean
c:\pagefile.sys : Scan Failed
c:\WINDOWS\system32\config\system.LOG : Scan Failed
c:\WINDOWS\system32\config\software.LOG : Scan Failed
c:\WINDOWS\system32\config\default.LOG : Scan Failed
c:\WINDOWS\system32\config\SECURITY : Scan Failed
c:\WINDOWS\system32\config\SAM : Scan Failed
c:\WINDOWS\system32\config\SAM.LOG : Scan Failed
c:\WINDOWS\system32\config\SECURITY.LOG : Scan Failed
c:\WINDOWS\system32\config\SYSTEM : Scan Failed
c:\WINDOWS\system32\config\SOFTWARE : Scan Failed
c:\WINDOWS\system32\config\DEFAULT : Scan Failed
c:\Documents and Settings\NetworkService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\NetworkService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\LocalService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\LocalService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\emt\NTUSER.DAT : Scan Failed
c:\Documents and Settings\emt\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\emt\Local Settings\Temp\Perflib_Perfdata_110c.dat : Scan Failed
c:\Documents and Settings\emt\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\emt\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Program Files\Adobe\Photoshop CS\Samples\Droplets\ImageReady Droplets\Constrain 350, Make JPG 30.exe : Scan Failed
c:\Program Files\Java\jre1.6.0_03\bin\pack200.exe : Scan Failed
c:\Program Files\Java\jre1.6.0_03\bin\tnameserv.exe : Scan Failed
c:\Program Files\Java\jre1.6.0_03\bin\unpack200.exe : Scan Failed
c:\Program Files\Ahead\Nero Toolkit\CDSpeed.exe : Scan Failed
c:\Program Files\Ahead\Nero Toolkit\DMAManager.exe : Scan Failed
c:\Program Files\Ahead\Nero Wave Editor\WaveEdit.exe : Scan Failed
c:\Program Files\Ahead\Nero SoundTrax\SoundTrax.exe : Scan Failed
File : c:\Program Files\Real_SC\opt.exe : contains "Virus" called "W32/Sdbot.worm" (Deleted )
c:\Program Files\Real_SC\opt.exe : Deleted
File : c:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001167.exe : contains "Virus" called "W32/Sdbot.worm" (Deleted )
c:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001167.exe : Deleted
c:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001181.exe : Scan Failed
c:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001182.exe : Scan Failed
c:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001183.exe : Scan Failed
c:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001184.EXE : Scan Failed
c:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001185.EXE : Scan Failed
c:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001186.exe : Scan Failed
c:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001187.exe : Scan Failed
c:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001194.exe : Scan Failed
c:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001218.exe : Scan Failed
File : c:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001222.exe : contains "Trojan" called "Generic PWS.y" (Deleted )
c:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001222.exe : Deleted
File : c:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001261.exe : contains "Virus" called "W32/Sdbot.worm" (Deleted )
c:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001261.exe : Deleted
c:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001306.exe : Scan Failed
c:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001307.exe : Scan Failed
c:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001309.exe : Scan Failed
c:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001310.exe : Scan Failed
c:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001311.exe : Scan Failed
c:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001312.exe : Scan Failed
c:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001319.exe : Scan Failed
c:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001325.exe : Scan Failed
c:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001331.exe : Scan Failed
c:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001377.exe : Scan Failed
c:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001411.exe : Scan Failed
c:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001412.exe : Scan Failed
Scanning the registry
Registry : Clean

Summary :-
FilesFound : 39978
FilesScanned : 26250
FilesNotScanned : 13728

******sFound : 70821
******sInfected : 56
******sCleaned : 50
******sDeleted : 5

FilesInfected : 4
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 4

Started at : 04:30:07 م 30 محرم, 1430
Ended at : 05:01:51 م 30 محرم, 1430
Duration : 31 minutes 44 seconds
3110 MB scanned in 1904 seconds = 1672 KB/s
Engine Version : 5300.2777
Engine Load Time : 21922 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections

File : d:\LOSTFILE\DIR390\CA44ZN2E.htm : contains "Trojan" called "Exploit-ObscuredHtml" (Deleted )
d:\LOSTFILE\DIR390\CA44ZN2E.htm : Deleted
File : d:\LOSTFILE\DIR289\opt.exe : contains "Virus" called "W32/Sdbot.worm" (Deleted )
d:\LOSTFILE\DIR289\opt.exe : Deleted
File : d:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001413.exe : contains "Virus" called "W32/Sdbot.worm" (Deleted )
d:\System Volume Information\_restore{338DF107-490B-42D2-937E-022292D13558}\RP17\A0001413.exe : Deleted

Summary :-
FilesFound : 40454
FilesScanned : 27337
FilesNotScanned : 13117

******sFound : 64423
******sInfected : 3
******sCleaned : 0
******sDeleted : 3

FilesInfected : 3
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 3

Started at : 05:02:16 م 30 محرم, 1430
Ended at : 05:23:32 م 30 محرم, 1430
Duration : 21 minutes 16 seconds
1937 MB scanned in 1276 seconds = 1554 KB/s
Engine Version : 5300.2777
Engine Load Time : 20984 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections


Summary :-
FilesFound : 23856
FilesScanned : 13907
FilesNotScanned : 9949

******sFound : 61373
******sInfected : 0
******sCleaned : 0
******sDeleted : 0

FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 05:23:54 م 30 محرم, 1430
Ended at : 05:37:25 م 30 محرم, 1430
Duration : 13 minutes 31 seconds
1296 MB scanned in 811 seconds = 1637 KB/s
Engine Version : 5300.2777
Engine Load Time : 20375 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections

Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.exe : contains "Trojan" called "W32/Sality!mem" (No Action Taken (Clean failed) )
Process : C:\DOCUME~1\emt\LOCALS~1\Temp\winoeosod.exe\winoeosod.exe : contains "Trojan" called "Generic BackDoor.ai" (Deleted )
Memory : Deleted
Please wait ... building list of critical files to scan
Critical : Clean
Scanning the computer's ****** directories
******s : Clean
c:\pagefile.sys : Scan Failed
c:\WINDOWS\system32\config\system.LOG : Scan Failed
c:\WINDOWS\system32\config\software.LOG : Scan Failed
c:\WINDOWS\system32\config\default.LOG : Scan Failed
c:\WINDOWS\system32\config\SECURITY : Scan Failed
c:\WINDOWS\system32\config\SAM : Scan Failed
c:\WINDOWS\system32\config\SAM.LOG : Scan Failed
c:\WINDOWS\system32\config\SECURITY.LOG : Scan Failed
c:\WINDOWS\system32\config\SYSTEM : Scan Failed
c:\WINDOWS\system32\config\SOFTWARE : Scan Failed
c:\WINDOWS\system32\config\DEFAULT : Scan Failed
c:\Documents and Settings\NetworkService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\NetworkService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\LocalService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\LocalService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\emt\NTUSER.DAT : Scan Failed
c:\Documents and Settings\emt\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\emt\Local Settings\Temp\Perflib_Perfdata_13c4.dat : Scan Failed
c:\Documents and Settings\emt\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\emt\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Program Files\Java\jre1.6.0_03\bin\tnameserv.exe : Scan Failed
c:\Program Files\Java\jre1.6.0_03\bin\unpack200.exe : Scan Failed
c:\Program Files\Ahead\Nero Toolkit\DMAManager.exe : Scan Failed
c:\Program Files\Ahead\Nero Wave Editor\WaveEdit.exe : Scan Failed
c:\Program Files\Ahead\Nero SoundTrax\SoundTrax.exe : Scan Failed
Scanning the registry
Registry : Clean

Summary :-
FilesFound : 40673
FilesScanned : 26552
FilesNotScanned : 14121

******sFound : 72444
******sInfected : 52
******sCleaned : 50
******sDeleted : 1

FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 09:57:19 م 30 محرم, 1430
Ended at : 10:23:25 م 30 محرم, 1430
Duration : 26 minutes 6 seconds
3020 MB scanned in 1566 seconds = 1974 KB/s
Engine Version : 5300.2777
Engine Load Time : 21218 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections


Summary :-
FilesFound : 40442
FilesScanned : 27326
FilesNotScanned : 13116

******sFound : 64410
******sInfected : 0
******sCleaned : 0
******sDeleted : 0

FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 10:23:47 م 30 محرم, 1430
Ended at : 10:44:35 م 30 محرم, 1430
Duration : 20 minutes 47 seconds
1927 MB scanned in 1247 seconds = 1582 KB/s
Engine Version : 5300.2777
Engine Load Time : 22141 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections


Summary :-
FilesFound : 23851
FilesScanned : 13903
FilesNotScanned : 9948

******sFound : 61368
******sInfected : 0
******sCleaned : 0
******sDeleted : 0

FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 10:44:58 م 30 محرم, 1430
Ended at : 10:58:01 م 30 محرم, 1430
Duration : 13 minutes 2 seconds
1294 MB scanned in 782 seconds = 1695 KB/s
 
My dear friend, our brother Mr. Maaax means the HijackThis report

HijackThis report
Download this program
[hidden link]

Run the program ==> and click on
Do a system scan and save log
In a few moments a report will appear in Notepad ==> copy it and paste it in your next reply

Signature: KoNaMi
:d:
 

:b:

God willing

:q:

KoNaMi, thank you, and may God reward you for the clarification. May my Lord make you happy.

MAAX

Didn't I tell you, God help you with me and my computer :p:

May God record your reward, protect you and make you happy in this life and the hereafter. Say amen :smile:

I'll fix up the report and add it in the next reply, God willing.

And this is the HijackThis report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:17 ص, on 27/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\emt\LOCALS~1\Temp\viya.exe
C:\Documents and Settings\emt\My Documents\Zyzoom_HijackThis.exe
F2 - REG:system.ini: Shell=Explorer.exe "C:\DOCUME~1\emt\LOCALS~1\Temp\winxqon8.exe"
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\emt\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
--
End of file - 5351 bytes
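
An added example, not part of the original thread and not code from any tool named in it: a small Python triage of HijackThis log lines that separates autostart and process entries pointing into a Temp directory, a modified logon shell and the DisableRegedit policy from entries that are merely orphaned. The sample lines are copied from the log above; the rule set, the severity labels and the function name `triage` are assumptions of this example.

```python
import re

# Subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\DOCUME~1\emt\LOCALS~1\Temp\viya.exe
F2 - REG:system.ini: Shell=Explorer.exe "C:\DOCUME~1\emt\LOCALS~1\Temp\winxqon8.exe"
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\emt\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# A HijackThis entry line: section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# User or system Temp directories (long and 8.3 short forms, Windows XP layout).
TEMP_RE = re.compile(
    r"\\(?:LOCALS~1|Local Settings)\\Temp\\|\\WINDOWS\\Temp\\", re.I
)
# HijackThis marks entries whose target file is gone.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.I)
# Sections that start programs automatically: Run keys/startup items, services.
AUTOSTART_CODES = {"O4", "O23"}


def triage(log_text):
    """Return a list of (severity, code, reason, line) for noteworthy lines."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if not match:
            # Inside the process list: a program running out of Temp.
            if in_processes and TEMP_RE.search(line):
                findings.append(
                    ("high", "PROC", "process running from a Temp directory", line)
                )
            continue
        in_processes = False
        code, body = match.groups()
        if code == "F2" and "shell=" in body.lower():
            # The logon shell should be Explorer.exe alone; anything
            # appended to it is started at every logon.
            value = body.split("=", 1)[1].strip()
            if value.lower() != "explorer.exe":
                findings.append(
                    ("high", code, "logon shell value is not plain Explorer.exe", line)
                )
        elif code == "O7" and re.search(r"DisableRegedit\s*=\s*1\b", body, re.I):
            findings.append(
                ("medium", code, "Registry Editor disabled by policy", line)
            )
        elif code in AUTOSTART_CODES and TEMP_RE.search(body):
            findings.append(
                ("high", code, "autostart target in a Temp directory", line)
            )
        elif ORPHAN_RE.search(body):
            findings.append(
                ("low", code, "entry points to a file that no longer exists", line)
            )
    return findings


if __name__ == "__main__":
    for severity, code, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {code:4} {reason}\n         {line}")
```
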
 
Until Mr. Max arrives

Delete the following, my friend

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)


How to delete on XP


[screenshot]



[screenshot]


Then use this tool for cleaning

The Dr.Web tool

It scans and cleans, and needs no installation

[hidden link]


And here is another link for the tool

[hidden link]



(( If you are using Kaspersky, exit it from the tray next to the clock first ))

[screenshot]


How to use the tool ::

After downloading, run it and do as shown in the pictures ::

[screenshot]


Then

[screenshot]


Then wait a little; only the memory is scanned ..

When it finishes, do as in the picture to run a full scan of the computer

[screenshot]


If a virus is found during the scan and this message appears,

do the following to delete the infection and clean it ::

[screenshot]


Then wait for the full scan to finish (( the scan may take a long time depending on the size of your files on the computer ))

When it finishes, do the following ::

[screenshot]


Then delete the detected viruses ::

[screenshot]


Then a new HijackThis log


Signature: KoNaMi
KoNaMi

May God reward you for your initiative and your kind help


I carried out all the steps you mentioned, but the program still hasn't finished. You mentioned that it takes long,

but I've had it running since last night at about half past 12 and it still hasn't finished

Isn't that too long?? Besides that, for a long time it has been stuck at the same point (the green bar at the bottom)

even though the scan seems to be running and the files are changing, the bar stays fixed!

[screenshot]
 

My friend, let it finish its scan. As you can see, the program has cleaned your computer, and the picture shows that it caught viruses :d:
((Excuse me, brothers KoNaMi and Max, I know I barged into your thread)) :hh::hh:
And my friend, do the following

How to disable System Restore


[screenshot]


Signature: sdook
Sdook


May God reward you for your attention and follow-up


As you said in your reply,
I left it to continue, but it is still running

I mean it has been about two days with the program running, but it is stuck at the same point and hasn't moved

As for turning off System Restore, that is what I did. Thanks for the reminder

But the problem with the program is that it is still stuck at the same point, hasn't moved and hasn't
finished the scan

And this is a picture of the program now while it is scanning

You can see that from my reply yesterday to this reply it has been running,
but nothing new, it is stuck in the same state
[screenshot]
 