[ تم الحـل ] جهازي ثقيل فقع قلبي تكفون التقرير بالداخل

  • بادئ الموضوع بادئ الموضوع otaifi
  • تاريخ البدء تاريخ البدء
  • المشاهدات 815
الحالة
مغلق و غير مفتوح للمزيد من الردود.
O

otaifi

زيزوومي جديد
إنضم
1 سبتمبر 2007
المشاركات
20
مستوى التفاعل
0
النقاط
20
الإقامة
تبوك
غير متصل
يا اخواني جهازي ثقيل بالمرة دبل كبدي جهاز دل مكتبي مواصفاته اتوقع ممتازه جدا كان الرام واحد حطيته 4 قيقا هارد 160 كور2 ديو ساتا فرمت نصبت قلبت يسار يمين الجهاز ثقيل واحس كأني عايش على ويندوز 95 ورام 32 هذا التقرير

Logfile of HijackThis v1.99.1
Scan saved at 05:28, on 4/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\سطح المكتب\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: TBSB09257 - {F8C564CD-2FA0-4534-AF8D-52F3D054C0EF} - C:\Program Files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AmanLinks_Beta_0.0.4 - {0C55A48A-97DC-4003-8729-7D0B159B40D3} - C:\Program Files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Uniblue DiskRescue - Unknown owner - C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe" (file missing)


انتظر فزعتكم وتوجيهكم يا شباب
 

ترتيب حسب التاريخ ترتيب حسب الأصوات
حياك يالغلا

احذف التالي

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O23 - Service: Uniblue DiskRescue - Unknown owner - C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe" (file missing)
طريقة الحذف للاكس بي


mg%20%283%29.png



mg%20%284%29.png


بعدين اعمل الاتي


حمل هذه الاداة من هنا
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
او
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


بعد تنزيل الاداة دبل كلك ستظهر لديك مثل هذه النافذة خذ صورة لها وارفقها بردك القادم
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



 
التعديل الأخير بواسطة المشرف:
توقيع : KoNaMi
تأييد 0
طبقت المطلوب لكن اثناء الحذف تصبح صفحة التقرير فارغة ولا تاتي رسالة تاكيد الحذف علما ان القيمة المراد حذفها راحت بالفعل وهذا التقرير

Logfile of HijackThis v1.99.1
Scan saved at 07:23, on 4/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\CodeStuff\Starter\Starter.exe
C:\Documents and Settings\Administrator\سطح المكتب\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: TBSB09257 - {F8C564CD-2FA0-4534-AF8D-52F3D054C0EF} - C:\Program Files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AmanLinks_Beta_0.0.4 - {0C55A48A-97DC-4003-8729-7D0B159B40D3} - C:\Program Files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Uniblue DiskRescue - Unknown owner - C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe" (file missing)



وهذه الصورة اللي طلبتها وشكرا لك مقدما وبيض الله وجهك وجميع الابطال في هذا المنتدى الرائع

ahar99-88a0be2334.jpg
 
تأييد 0
طبق الي بقولك
كليك يمين على أيقونة جهاز الكمبيوتر => خصائص => استعادة النظام
حط علامة صح على ( تعطيل خاصية استعادة النظام ) => اقبل الحذف => ارجع وفعل خاصية الإستعاده
بعدين
عطل برنامج الحمايه عندك
بعدين حمل الأداة هذي وشغلها
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

تطلع لك رسالتين اضغط على ( yes )

ComboFix1.png


ComboFix2.png



انتظر شوي لين ما تخلص من الفحص
واحتمال تسوي اعادة تشغيل لجهازك
وفي حال الإعادة وتشغيل الجهاز من جديد
عطل برنامج الحمايه مره ثانيه لو كان شغال

ComboFix3.png



انتهى الفحص
وجاري اعداد التقرير

ComboFix4.png



هذا هو التقرير انسخه والصقه بردك الجاي
ويستحسن لو ترفعه على رابط

ComboFix5.png



*****************************


بعدين
عطني تقرير لا هنت
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


بعد التحميل => شغل البرنامج
Do a system scan and save a log file

HJThis1.png



يطلع لك تقرير => انسخه والصقه بردك القادم
ويستحسن لو ترفعه على رابط

HJThis2.png
 
توقيع : Juve GuardJuve Guard is verified member.
تأييد 0
طيب المطلوب في الطريق وشكرا لك مقدما
 
تأييد 0
طيب اعمل الاتي

عطل جميع برامج الحمايه

نزل هذه الاداة
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
 بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
 انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى الصق التقرير بمشاركتك القادمة


 
توقيع : KoNaMi
تأييد 0
هذا تقرير الكمبو فكس

ComboFix 09-04-04.01 - Administrator 04/05/2009 7:42:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.20.1025.18.3317.2723 [GMT 3:00]
Running from: c:\documents and settings\Administrator\سطح المكتب\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\IE4 Error Log.txt
c:\windows\system32\Cache
c:\windows\system32\d3d10core.dll
c:\windows\system32\D3DX10d_39.dll
c:\windows\system32\dxgi.dll
.
((((((((((((((((((((((((( Files Created from 2009-03-05 to 2009-04-05 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-05 04:47 581,920 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-05 04:45 15,097,632 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-05 04:44 58,664 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-05 04:44 207,404 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-05 04:20 --------- d-----w c:\program files\CodeStuff
2009-04-05 00:48 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-04 17:10 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-04 02:36 --------- d-----w c:\program files\Anti Trojan Elite
2009-04-03 17:08 603,904 ----a-w c:\windows\system32\TUProgSt.exe
2009-04-03 17:08 360,192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-04-03 17:08 --------- d-----w c:\program files\TuneUp Utilities 2009
2009-04-03 17:08 --------- d-----w c:\documents and settings\Administrator\Application Data\TuneUp Software
2009-04-03 17:07 --------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-03 17:07 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-04-03 15:32 --------- d-----w c:\documents and settings\Administrator\Application Data\Ahead
2009-04-02 19:17 --------- d-----w c:\program files\Common Files\Ahead
2009-04-02 19:17 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2009-04-02 19:14 --------- d-----w c:\program files\Nero
2009-04-02 19:14 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-04-02 17:36 --------- d-----w c:\documents and settings\Administrator\Application Data\AntsSoft
2009-04-02 17:08 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-04-02 17:08 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-04-02 17:08 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-04-02 17:08 --------- d-----w c:\documents and settings\Administrator\Application Data\PC Suite
2009-04-02 17:08 --------- d-----w c:\documents and settings\Administrator\Application Data\Nokia
2009-04-02 17:03 --------- d-----w c:\program files\PC Connectivity Solution
2009-04-02 17:03 --------- d-----w c:\program files\Nokia
2009-04-02 17:03 --------- d-----w c:\program files\Common Files\PCSuite
2009-04-02 17:03 --------- d-----w c:\program files\Common Files\Nokia
2009-04-02 17:02 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-04-02 12:41 --------- d-----w c:\program files\Kelk 2000
2009-04-02 04:21 --------- d-----w c:\program files\مشغل الفلاش العربي
2009-04-02 04:18 --------- d-----w c:\program files\SWFText
2009-04-02 04:04 --------- d-----w c:\program files\Java
2009-04-02 03:53 7,271 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2009-04-02 03:53 63,637 ----a-w c:\windows\BricoPackUninst.cmd
2009-04-02 03:53 218,624 ----a-w c:\windows\system32\uxtheme.dll
2009-04-02 03:47 --------- d-----w c:\program files\Sun
2009-04-02 02:22 --------- d-----w c:\program files\My Company Name
2009-04-02 02:22 --------- d-----w c:\documents and settings\Administrator\Application Data\AlMAdinahMushaf
2009-04-02 02:21 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-02 02:21 --------- d-----w c:\program files\Common Files\InstallShield
2009-04-02 02:21 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-04-02 02:19 --------- d-----w c:\program files\SWiSHmax
2009-04-02 01:55 --------- d-----w c:\program files\Common Files\Adobe
2009-04-02 01:46 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-04-02 01:28 --------- d-----w c:\program files\Microsoft Works
2009-04-02 00:41 --------- d-----w c:\documents and settings\Administrator\Application Data\HPAppData
2009-04-02 00:32 --------- d-----w c:\program files\Google
2009-04-02 00:31 --------- d-----w c:\program files\Opera
2009-04-01 23:39 --------- d-----w c:\program files\AmanLinks_Beta_0.0.4
2009-04-01 21:56 2,485 ----a-w c:\program files\Common Files\unins000.dat
2009-04-01 21:55 728,858 ----a-w c:\program files\Common Files\unins000.exe
2009-04-01 21:47 --------- d-----w c:\program files\Windows Defender
2009-04-01 17:59 --------- d-----w c:\program files\DIFX
2009-04-01 17:37 --------- d-----w c:\program files\iColorFolder
2009-04-01 17:00 --------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner
2009-04-01 16:59 --------- d-----w c:\program files\ElcomSoft
2009-04-01 12:32 --------- d-----w c:\program files\Conceptworld
2009-04-01 12:32 --------- d-----w c:\documents and settings\Administrator\Application Data\Conceptworld
2009-04-01 11:40 --------- d-----w c:\program files\Microsoft.NET
2009-04-01 11:33 --------- d-----w c:\program files\MSBuild
2009-04-01 11:31 --------- d-----w c:\program files\MSXML 4.0
2009-04-01 11:20 --------- d-----w c:\documents and settings\Administrator\Application Data\HP
2009-04-01 11:16 --------- d-----w c:\documents and settings\All Users\Application Data\WEBREG
2009-04-01 11:09 --------- d-----w c:\program files\HP
2009-04-01 11:09 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-04-01 11:09 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-04-01 11:08 --------- d-----w c:\program files\Hewlett-Packard
2009-04-01 11:08 --------- d-----w c:\program files\Common Files\HP
2009-04-01 11:08 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-04-01 11:03 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-04-01 02:06 --------- d-----w c:\documents and settings\Administrator\Application Data\Uniblue
2009-04-01 02:03 --------- dc-h--w c:\documents and settings\All Users\Application Data\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}
2009-04-01 02:03 --------- d-----w c:\program files\Uniblue
2009-04-01 01:57 --------- dc-h--w c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-04-01 01:53 --------- d-----w c:\program files\Reference Assemblies
2009-04-01 01:45 --------- d-----w c:\documents and settings\All Users\Application Data\Acronis
2009-04-01 01:40 --------- d-----w c:\program files\Intel
2009-04-01 01:37 --------- d-----w c:\documents and settings\All Users\Application Data\GlobalSCAPE
2009-04-01 01:35 --------- d-----w c:\documents and settings\LocalService\Application Data\Acronis
2009-04-01 01:23 --------- d-----w c:\program files\GlobalSCAPE
2009-04-01 01:23 --------- d-----w c:\documents and settings\Administrator\Application Data\GlobalSCAPE
2009-04-01 01:18 441,760 ----a-w c:\windows\system32\drivers\timntr.sys
2009-04-01 01:18 44,384 ----a-w c:\windows\system32\drivers\tifsfilt.sys
2009-04-01 01:18 368,544 ----a-w c:\windows\system32\drivers\tdrpman.sys
2009-04-01 01:18 129,248 ----a-w c:\windows\system32\drivers\snapman.sys
2009-04-01 01:18 --------- d-----w c:\program files\Common Files\Acronis
2009-04-01 01:17 --------- d-----w c:\program files\Acronis
2009-04-01 01:00 --------- dc-h--w c:\documents and settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2009-04-01 00:59 --------- d-----w c:\program files\Windows Live
2009-04-01 00:57 --------- d-----w c:\documents and settings\All Users\Application Data\Uniblue
2009-04-01 00:55 --------- d-----w c:\documents and settings\Administrator\Application Data\ACD Systems
2009-04-01 00:51 --------- d-----w c:\program files\Common Files\ACD Systems
2009-04-01 00:51 --------- d-----w c:\program files\ACD Systems
2009-04-01 00:51 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-04-01 00:25 --------- d-----w c:\program files\CONEXANT
2009-04-01 00:22 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-01 00:22 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-01 00:22 --------- d-----w c:\program files\Common Files\xing shared
.
------- Sigcheck -------
05/10/2006 08:25 AM 662016 4bc88c82ed023c36f906111864c16bf6 c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
10/16/2008 04:00 AM 664576 71e0031f978a7fcf838ee348b2ecc293 c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll
10/16/2008 04:03 AM 665600 0289dd77079e58d054c0d8e55e4dd464 c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
10/16/2008 01:22 PM 666112 fe442743c7decee0b3682db82529d9d1 c:\windows\$NtServicePackUninstall$\wininet.dll
04/14/2008 06:59 PM 664576 699b4dbfba7d4201d67c521e5df0670d c:\windows\$NtUninstallKB958215$\wininet.dll
09/12/2006 06:53 AM 663040 705a23dce4cdf6b3df8de4481250d30d c:\windows\$NtUninstallKB958215_0$\wininet.dll
10/16/2008 04:00 AM 664576 71e0031f978a7fcf838ee348b2ecc293 c:\windows\ie8\wininet.dll
03/08/2009 05:34 AM 905728 bfd199b9f007f6934d7c4c43f5507286 c:\windows\ServicePackFiles\i386\wininet.dll
12/21/2008 01:31 AM 826368 5b35855d3e98567aa2c85b2183ea84a7 c:\windows\SoftwareDistribution\Download\306c94e7da52fcfa45b5fbc5082ddc20\SP2GDR\wininet.dll
12/21/2008 02:46 AM 827904 b7515b5012855f6a3bde9be849054067 c:\windows\SoftwareDistribution\Download\306c94e7da52fcfa45b5fbc5082ddc20\SP2QFE\wininet.dll
04/14/2008 06:59 PM 664576 699b4dbfba7d4201d67c521e5df0670d c:\windows\SoftwareDistribution\Download\b86141217825998609b93e71cc29eb6e\wininet.dll
08/26/2008 10:57 AM 826368 8d2003bbfffd5ff95ea66350e4d1e4c7 c:\windows\SoftwareDistribution\Download\d40590bd9995150537adaa5ab5401235\SP2GDR\wininet.dll
08/26/2008 12:08 PM 827904 bceb6d8a6bea74628db977215081652a c:\windows\SoftwareDistribution\Download\d40590bd9995150537adaa5ab5401235\SP2QFE\wininet.dll
10/16/2008 01:37 PM 657920 aaef0e6c80a04e5c4201f9ca43bce48c c:\windows\SoftwareDistribution\Download\f0e7df64fd50824d6da719cd3cefcaf1\SP2GDR\wininet.dll
10/16/2008 01:22 PM 666112 fe442743c7decee0b3682db82529d9d1 c:\windows\SoftwareDistribution\Download\f0e7df64fd50824d6da719cd3cefcaf1\SP2QFE\wininet.dll
10/16/2008 04:00 AM 664576 71e0031f978a7fcf838ee348b2ecc293 c:\windows\SoftwareDistribution\Download\f0e7df64fd50824d6da719cd3cefcaf1\SP3GDR\wininet.dll
10/16/2008 04:03 AM 665600 0289dd77079e58d054c0d8e55e4dd464 c:\windows\SoftwareDistribution\Download\f0e7df64fd50824d6da719cd3cefcaf1\SP3QFE\wininet.dll
03/08/2009 05:34 AM 905728 bfd199b9f007f6934d7c4c43f5507286 c:\windows\system32\wininet.dll
03/08/2009 05:34 AM 914944 6ce32f7778061ccc5814d5e0f282d369 c:\windows\system32\dllcache\wininet.dll
04/14/2008 06:59 PM 974848 5320ea6507cfa8abc92caf91cd2fc8a5 c:\windows\explorer.exe
09/12/2006 06:12 AM 1616384 810316e2e8d32075c8b984320a6011cf c:\windows\$NtServicePackUninstall$\explorer.exe
04/14/2008 06:59 PM 974848 5320ea6507cfa8abc92caf91cd2fc8a5 c:\windows\ServicePackFiles\i386\explorer.exe
04/14/2008 06:59 PM 1031168 ca3445dce9eb70a2ca2504e0af5c543f c:\windows\SoftwareDistribution\Download\b86141217825998609b93e71cc29eb6e\explorer.exe
10/16/2008 03:09 PM 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\ServicePackFiles\i386\wuauclt.exe
04/14/2008 07:00 PM 110592 9498cf0d334b282aa58d1dfc370738de c:\windows\SoftwareDistribution\Download\b86141217825998609b93e71cc29eb6e\wuauclt.exe
10/16/2008 03:09 PM 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\system32\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8C564CD-2FA0-4534-AF8D-52F3D054C0EF}]
11/15/2007 03:36 PM 2293760 --a------ c:\program files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0C55A48A-97DC-4003-8729-7D0B159B40D3}"= "c:\program files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll" [11/15/2007 03:36 PM 2293760]
[HKEY_CLASSES_ROOT\clsid\{0c55a48a-97dc-4003-8729-7d0b159b40d3}]
[HKEY_CLASSES_ROOT\TBSB09257.TBSB09257.3]
[HKEY_CLASSES_ROOT\TBSB09257.TBSB09257]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{0C55A48A-97DC-4003-8729-7D0B159B40D3}"= "c:\program files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll" [11/15/2007 03:36 PM 2293760]
[HKEY_CLASSES_ROOT\clsid\{0c55a48a-97dc-4003-8729-7d0b159b40d3}]
[HKEY_CLASSES_ROOT\TBSB09257.TBSB09257.3]
[HKEY_CLASSES_ROOT\TBSB09257.TBSB09257]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/14/2008 06:59 PM 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [02/06/2009 07:53 PM 3885408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [12/03/2008 01:47 PM 1205760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [04/01/2009 03:21 AM 198160]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 04:57 PM 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [05/15/2007 04:55 PM 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [05/15/2007 04:55 PM 1057328]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 06:59 PM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [08/04/2004 02:59 AM 44544]
"MPlayer2_FixUp"="c:\windows\inf\unregmp2.exe" [05/10/2006 03:59 AM 180736]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 10/30/2007 09:07 PM 140568 c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
--a------ 10/30/2007 09:11 PM 909208 c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 06/12/2008 12:38 PM 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 02/08/2008 07:36 PM 227856 c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 04/14/2008 06:59 PM 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 11/03/2008 10:20 AM 166912 c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 10/14/2007 10:17 PM 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
--a------ 08/22/2007 05:31 PM 80896 c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 11/03/2008 10:20 AM 134656 c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 02/06/2009 07:53 PM 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dispatcher v3]
--a------ 03/30/2007 04:18 PM 503808 c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 11/03/2008 10:18 AM 134656 c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 03/09/2009 06:19 AM 148888 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 04/01/2009 03:21 AM 198160 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 10/30/2007 09:06 PM 2595616 c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
--a------ 05/02/2008 04:15 PM 1424648 c:\program files\Uniblue\SpyEraser\SpyEraser.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 11/03/2006 08:20 PM 866584 c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 06/19/2008 05:20 PM 57344 c:\windows\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 12/26/2008 05:20 PM 18081280 c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-04-03 603904]
R2 Uniblue DiskRescue;Uniblue DiskRescue;c:\program files\Uniblue\DiskRescue\UBDiskRescueSrv.exe [2008-09-10 229648]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-04-05 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [12/11/2008 10:36 PM]
2009-04-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [11/03/2006 08:20 PM]
2009-04-04 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [12/31/2008 06:04 PM]
2009-04-05 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [12/31/2008 06:04 PM]
2009-04-01 c:\windows\Tasks\Uniblue DiskRescue 2009.job
- c:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [09/10/2008 06:22 PM]
2009-04-01 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [05/02/2008 04:15 PM]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-04-05 07:47:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1547161642-813497703-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9e,df,61,15,9b,a4,a2,41,be,6e,d8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9e,df,61,15,9b,a4,a2,41,be,6e,d8,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1504)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(1560)
c:\windows\system32\relog_ap.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
- - - - - - - > 'explorer.exe'(3204)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\Crypserv.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\snmp.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 04/05/2009 7:49:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-05 04:49:35
Pre-Run: 40,008,974,336 bytes free
Post-Run: 39,959,613,440 bytes free
339 --- E O F --- 2009-04-02 16:12:34



وهذا تقرير الهاجك ؟؟؟

Logfile of HijackThis v1.99.1
Scan saved at 07:54, on 4/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Administrator\سطح المكتب\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: TBSB09257 - {F8C564CD-2FA0-4534-AF8D-52F3D054C0EF} - C:\Program Files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AmanLinks_Beta_0.0.4 - {0C55A48A-97DC-4003-8729-7D0B159B40D3} - C:\Program Files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Uniblue DiskRescue - Unknown owner - C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe" (file missing)
 
تأييد 0
ياخوي الكاسبار هل هو شغال ومحدث ام متوقف ؟!!
 
توقيع : SUL6AN
تأييد 0
الكاسبر وقفته اثناء الفحص فقط وهو نسخة اصليه ومحدث
 
تأييد 0
الاداة كشفت كم اصابه وحذفتها

اللحين جرب تعيد تشغيل جهازك

ولاحظ الفرق

بإنتظارك
 
توقيع : SUL6AN
تأييد 0
اوكي يالغلا الحين من الصورة هذه

شيل الصح عن المحدد بالاسود

zyzoom-f35343679f.jpg

وبلغني بالنتايج
 
توقيع : KoNaMi
تأييد 0
والله في تحسن حقيقة لكن ودي اعرف هل ممكن معرفة ما هية المشاكل التي وجدت او اي نصيحة لتلافي ذلك مستقبلا وهل تنصحوني بزيادة اي شي في الجهاز يعني هل المواصفات ليست جيده نوع الجهاز دلdell

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
 
تأييد 0
والله اني عاجز عن شكركم تجاوب وتعاون منقطع النظير لكم جميعا كل التقدير من قلبي والله. بارك الله فيكم وكثر من امثالكم ونفع بكم
 
تأييد 0
otaifi قال:
والله في تحسن حقيقة لكن ودي اعرف هل ممكن معرفة ما هية المشاكل التي وجدت او اي نصيحة لتلافي ذلك مستقبلا وهل تنصحوني بزيادة اي شي في الجهاز يعني هل المواصفات ليست جيده نوع الجهاز دلdell

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
أنقر للتوسيع...

ماشاء الله الجهاز تمام والمفروض يكون جدا قوي

لكن النسخ المعدله تسبب بعض التعارض
فآنصحك بنسخه اصليه وخاام
وانت عدل عليها وهي على جهازك


بالتوفيق
 
توقيع : SUL6AN
تأييد 0
بالنسبه لسؤالك جهازك ديل معروف الديل انه كويس في الاستخدام

واهم شي يالغلا تقلل من برامج بدأ التشغيل لانها بيئة الفيروسات

بالتوفيق لك

 
توقيع : KoNaMi
تأييد 0
الحالة
مغلق و غير مفتوح للمزيد من الردود.
عودة
أعلى